NEWSPAPER 


Don’t underestimate your B players. 


Hostile Bid for PeopleSoft 
May Delay Apps Purchases 


J.D. Edwards sues Oracle 
for obstructing merger 


BY MARC L. SONGINI 

DENVER 

Whatever the outcome, Oracle 
Corp.’s hostile takeover bid for 
PeopleSoft Inc. is already cre- 
ating confusion and doubt 
among users of both People- 
Soft and J.D. Edwards & Co. 


Java Should Be 
Open-Source, 
Creator Says 
Other Sun execs wary 
of incompatibility issues 


BY CAROL SLIWA 
SAN FRANCISCO 


If pressed to vote yea or nay, 
the “father of Java” said last 


business applications. 

Some users last week said 
they may delay software pur- 
chases until the buyout at- 
tempt is resolved. For exam- 
ple, John Hill, CIO at Praxair 
Inc. in Danbury, Conn., said 
the maker of industrial gases 
will wait to see which acquisi- 
| tion scenario plays out before 

making a decision on whether 
Oracle Bid, page 49 


| week that he would cast his 
ballot in favor of making his 
creation more open-source, 
even though he recognizes 
that some of his Sun Micro- 
systems Inc. colleagues make 
strong counterarguments. 
During an interview at the 
JavaOne conference here, 
| James Gosling, the Sun vice 
president who unleashed the 
programming language eight 
years ago, said he thinks Java 
Java, page 13 





uses a mix of tools to combat fraud. 
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CeBIT America defiantly enters a lousy IT trade show market. 
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Vendors Clamp Down 


On License Compliance 


Audits increase as softw 


sagging sales by enforcing existing contracts 


BY THOMAS HOFFMAN 


LOS ANGELES 


| IT managers at a Gartner Inc. 
| conference here last week said 
| software vendors are increas- 


ingly threatening — and then 
conducting — audits to deter- 
mine whether users are com- 
plying with their li- pai 
censing agreements. 

According to IT pro- § 
fessionals and Gartner ae 


| analysts, the use of software 


audits has swelled in recent 
months as vendors look for 
ways to generate additional 
revenue from existing users to 
make up for reduced spending 
on new licenses. Vendors such 
as Microsoft Corp. and Oracle 
Corp. have long done audits of 
some of their customers, but 


ye 
ca 


are makers look to offset | 


conference attendees said oth- | 
er software developers are 
pushing harder on audits. 

Some users are trying to be 
proactive. For instance, the 
city of Chesapeake, Va., recent- 
ly completed a nine-month in- 
ternal audit of its Microsoft 

m desktop software li- 
censes and found itself 
| “to be in pretty good 
=. shape,” said Janet Had- 
ley, an account administrator 
for the municipality. 

But other users are still get- 
ting their license-tracking in 
order so they will be prepared 
for potential audits. 

“We're currently looking for 
an asset management tool to 
help us track software licenses | 
and invoices more effectively,” 


AUC- 


Busters 


Tired of losing millions 
of dollars to fraud, 
Internet retailers are 
teaming up to fight 
online credit card scams and take 
back the e-neighborhood. Page 35 
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said Ken Walton, a Tampa, 
Fla.-based project manager at 
Verizon Communications. The 
telecommunications company 
can no longer monitor its li- 
censing agreements manually, 
Walton said, “because we just 


| don’t have enough people.” 


At Harley-Davidson Motor 


| Co. in Milwaukee, software 


contracts are currently admin- 
istered by project managers. 
“But that’s not what we want 
to be doing,” said Shannon 
Kaul, an asset manager at the 
motorcycle maker. So the 
Harley-Davidson Inc. sub- 
Audits, page 14 


Wal-Mart 


Backs RFID 
Technology 


Will require suppliers to 
use ‘smart’ tags by 2005 


BY JAIKUMAR VIJAYAN 


AND BOB BREWIN 

CHICAGO 

Wal-Mart Stores Inc. last week 
said it plans to require its top 
100 suppliers to put radio- 
frequency identification tags 


| on shipping crates and pallets 
| by January 2005, a move that’s 


likely to spur broader adop- 
tion of the technology because 
of Wal-Mart’s market clout. 
However, at the Retail Sys- 
tems 2003/VICS Collaborative 
Commerce conference here, 
IT managers and technology 
vendors alike said that RFID 
devices still need to overcome 
major manufacturing, pricing 
RFID, page 14 
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Manages storage resources to meet changing demand. On demand. 
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SAS’ is all you need to know. 


Only SAS provides a high-impact, low-risk way 
to achieve intelligent data warehousing. You can 
extract, transform and load data from any source, 
across any platform, while assuring quality. 
Simplify the way you create and customize reports. 
And deliver a shared version of the truth. To find out 
how top companies reap bottom-line rewards with 
SAS software—by leveraging the value of data 
from corporate systems, e-business channels, the 
supply chain and beyond—visit us on the Web or call 
toll free 1 866 270 5727. 


www.sas.com/warehouse 
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Web Services: Inside Jobs 


In the Technology section: Many companies are dabbling 
in Web services, but Eastman Chemical and Merrill Lynch 
have launched big, companywide initiatives. Learn how 
users like Eastman’s Carroll Pleasant are employing Web 
services to solve internal integration problems. Page 23 
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Sybase gives China free soft- 
ware to help fight SARS. 


SCO has credible evidence to 
support its claim that Linux 
infringes on its Unix copy- 
rights, say analysts who have 
seen the code. 


The Homeland Security De- 
partment sets a two-year dead- 
line for integrating its systems. 


HP unveils OpenView prod- 
ucts and services that will play 
a role in its “adaptive enter- 
prise management” strategy. 


A new Bugbear virus targets 
financial institutions. 


FleetBoston is building a near- 
ly $10 million IT command 
center to unify the bank’s sys- 
tems and centralize network 
management work. 


Sprint exits Web hosting but 


will help users migrate. 


CeBIT makes its U.S. debut, 
but the attendance forecast is 
cut in half. 


HP plans a disk array that 
supports serial interconnects. 


Q&A: “Father of Java” James 
Gosling discusses the status 
of his creation. 


No big boost in IT spending 
is likely this year, according to 
surveys by Meta Group and 
Forrester. 


CRM vendor Salesforce.com 
offers a hosted application de- 
velopment service. 


: 30 Q&A: Lining Technology Up 

: With Business. The CEO of 
Managed Objects, Siki Giunta, 
talks about the link between 
IT and business success. 


: 32 Future Watch: Captchas Eat 

: Spam. Programs that distin- 
guish between humans and 
machines could fight spam 
and contribute to advances in 
artificial intelligence. 


> 33 Security Manager’s Journal: 

: Security Sweep Reveals 
Access-Token Violations. An 
after-hours check of physical 
security reveals a startling 
array of policy violations at 
Vince Tuesday’s company. 


MANAGEMENT | 


: 35 Fraud-Busters. Web retailers 

: are joining forces to battle on- 
line credit card fraud. The ef- 
fort includes forming groups 
like the secretive Merchant 
Fraud Squad. 





: 38 Q&A: Nurture the B Team. 

- The A players get the star 
treatment. But it’s also impor- 
tant for IT managers to pay 
ample attention to the B play- 
ers — those steady, capable 
performers who matter more 
in the long run, says consultant 
Vineeta Vijayaraghavan, who 
co-authored an article about 
the subject in this month’s 
Harvard Business Review. 


: 40 Dashboard Democracy. 

: Desktop business-intelligence 
displays are moving from the 
executive suite to the cubicle, 
where the ROI is even better. 


8 


On the Mark: Mark Hall says 
JavaOne was the place to be 
for gossip about IBM, Sun and 
Microsoft. There was some 
talk of Java programming, too. 


Maryfran Johnson explains 
why enterprise users are the 
real victims in Oracle’s hostile 
— some say frivolous — bid to 
buy PeopleSoft. 


Pimm Fox examines site- 
monitoring technology that 
purports to get to the heart of 
really useful customer data. 


David Moschella scoffs at 
characterizations of the IT in- 
dustry as “mature” and says 
it’s time to start thinking opti- 
mistically about IT’s future. 


34 Nicholas Petreley peeks into 


SCO’s mailbox for a new per- 
spective on the Unix/Linux 
ownership squabble. 


42 Bart Perkins offers a checklist 


of issues to consider — from 
U.S. privacy and security laws 
to potential employee back- 
lash — before taking the off- 
shore IT outsourcing plunge. 


50 Frankly Speaking: Frank 


DEPARTMENTS/RESOURCES 


At 


Hayes predicts Microsoft 
won't be much help in stop- 
ping viruses. He provides tips 
to help you get through a 
virus-studded summer. 


Deadline Briefs 


News Briefs 

Letters 

Company Index 
How to Contact CW 
Shark Tank 


Reining in Personal Firewalls 


in the Technology section: New tools 

let IT regain control over distrib- 
uted personal firewall software and prevent 
potential attackers from commandeering 
remote users’ machines. Page 28 
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-Net vs. Java 

DEVELOPMENT: The debate continues, with 
columnists Matt Puccini and Keith Franklin 
taking opposing sides. @ QuickLink k2350 


Protect Your Data 
From Wi-Fi Attacks 


MOBILE/WIRELESS: Don’t miss these tips on 
how to make a Wi-Fi network more secure. 
© QuickLink 38874 


Best Practices for 

Mastering Secure Code 

SECURITY: The cost of fixing faulty software 
soars after an application is deployed, says 
Steve Orrin, CTO at Sanctum Inc. Here’s how 


and why you need to build security into Web 
apps from the start. @ QuickLink 38578 


Your CRM Is Only 
As Good as Your Data 


SOFTWARE: Bad data can bring down a CRM 
system faster than just about anything else. 
Ascential Software’s Bill Hobbib offers some 
advice about how to avoid data problems. 


© QuickLink 38953 


You, Too, Can Contribute 

To Open-Source 

OPERATING SYSTEMS: If your company isn’t 
developing source code, you can still help 
the open-source movement — while boost- 


ing your technology ROL, writes columnist 
Timothy Witham. @ QuickLink 38782 
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each page on our site. 
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AT DEADLINE 


GSA Reviewing 
MCI as Contractor 


A spokeswoman for the U.S. 
General Services Administration 
(GSA) confirmed on June 13 that 
its inspector general has made 
an official referral to review the 
federal contractor status of 
WorldCom Inc., which is now op- 
erating as MCI. The referral goes 
to the GSA’s suspending and de- 
barring official, a common pro- 
cedure, according to the spokes- 
woman. A Senate committee 
launched an investigation in May 
into why federal contracts were 
given to WorldCom after finan- 
cial problems were made public. 


Oracle Reports 
Strong Quarter 


Oracle Corp. last week an- 
nounced revenue of $2.83 billion 
for its fiscal fourth quarter, up 
from $2.77 billion for the same 
quarter a year ago. Oracle said it 
had $9.47 billion in revenue for 
its full fiscal year, 2% lower 
than the $9.67 billion posted last 
year. CEO Larry Ellison said the 
company “had a great applica- 
tions quarter” compared with its 
competitors. 


Former VP Pleads 
Guilty to Fraud 


Terry W. Davis, former vice pres- 
ident of finance and controller 
for Santa Clara, Calif.-based 
Network Associates Inc., last 
week pleaded guilty to charges 
of securities fraud. They were 
the first charges to emerge from 
the government's investigation 
into the company’s bookkeeping 
practices. Network Associates 
couldn’t immediately comment. 


Short Takes 


Revenue from new CRM soft- 
ware licenses fell 24.7% in 
2002, according to GARTNER 
INC. ... TRANSMETA CORP. in 
Santa Clara has taken an un- 
specified equity stake in Hong 
Kong-based Linux developer 
CHINESE 2000 HOLDINGS LTD. 


NEWS 


| Company answers request for help with 
$300,000 worth of database software 





BY TODD R. WEISS 
HEN THE Chi- 
nese Embassy in 
Washington 
sent out hun- 

dreds of e-mails early last 

month asking the world for 
ideas and information on how 
to control the spread of SARS, 
the IT community responded. 
Sybase Inc. said last week 


| that it will donate approxi- 


mately $300,000 worth of 
database management soft- 
ware that will be used to mon- 
itor and track existing and 
new cases of the potentially 
fatal respiratory disease. 

The e-mails were sent out 
by Dr. Larry Wu in his capaci- 
ty as second secretary for sci- 


ence and technology at the 


Chinese Embassy. Hundreds 





of replies came back from 
technology companies, busi- 
ness associations, consultants 
and others, mostly in the U.S., 
Wu said. 

One of the e-mail recipients 
was the nonprofit Computer- 
world Honors Program, which 
recognizes IT users around 
the world who take technolo- 
gy in new and innovative di- 
rections to benefit mankind. 

Computerworld has a seat 
on the board of the Honors 
Program and is a co-founder 
of the group, which was estab- 
lished in 1988. 

Dan Morrow, executive di- 
rector of the program in Hern- 
don, Va., said the e-mail was 
forwarded to Honors Program 


| board members, including a 
| Sybase representative. 


Sybase Gives China Free 
Software to Fight SARS 


Sybase CEO John Chen said 
a company manager suggested 
to his colleagues that they of- 
fer assistance to Chinese 


health authorities. “We all im- 


mediately, within minutes, 
said, ‘Great idea,’ ” Chen said. 
“They asked for help, and we 
were just qualified in this case 
to help them. 


@ Sybase’s software will help track 
M the SARS virus in China. 





www.computerworld.com 


The products Sybase is pro- 
viding include Sybase IQ , 


| Enterprise Application Server, 


Adaptive Server Enterprise, 
PowerBuilder and Power- 
Designer. The software will be 
used to create critically need- 
ed databases to track and 
monitor SARS cases in hospi- 
tals and other health centers 
across the country. 

Dublin, Calif.-based Sybase 
made the donation directly to 
the Chinese Center for Dis- 
ease Control and Prevention. 
Although no hardware sys- 
tems have been donated with 
the Sybase software, Wu in- 
dicated that China has suffi- 
cient systems in place to make 
immediate use of Sybase’s 
donation. 

Wu said his country hasn’t 
been shy in the past about ask- 
ing the world for assistance 
in times of natural disasters, 
such as floods or earthquakes. 
With SARS, though, it took a 
while for China to seek help, 
he said. “We have made some 
mistakes in the campaign to 
fight SARS,” Wu said. “We 
[initially] thought it was not 
so serious a disease.” D 





Analysts Say Evidence 
‘May Support SCO Case 


Contested code gives credence to Unix 
claim, but courts will ultimately decide 





BY TODD R. WEISS 
| As promised, The SCO Group 

Inc. last week revealed to sev- 
eral industry analysts some of 
the Linux source code that it 
claims was illegally copied 
from Unix. 

But analysts have varying 
opinions about the signifi- 
cance of what they were 
shown and how it fits in with 
the $1 billion lawsuit that Lin- 
don, Utah-based SCO filed 
against IBM in March. In that 
lawsuit, SCO alleges that IBM 
misappropriated SCO Unix 
trade secrets by putting some 
of the code into Linux [Quick- 
Link 36901]. 

Laura DiDio, an analyst at 
The Yankee Group in Boston, 








said she saw “two or three” 
samples of the allegedly 
infringing Linux code that 
appeared to be a “copy and 
paste” match of the SCO 
Unix code. 

DiDio and the other ana- 
lysts were able to view the 
code only under a nondisclo- 
sure agreement, so she could 


& | think there is 
a basis that 
SCO has a credible 
case. This is not a 
nuisance case. 
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LAURA DiDIO, ANALYST, 
THE YANKEE GROUP 





not divulge details, she said. 

“The courts are going to 
ultimately have to prove this, 
but based on what I’m seeing 
... I think there is a basis that 
SCO has a credible case,” Di- 
Dio said. “This is not a nui- 
sance case.” 

George Weiss, an analyst 
at Gartner Inc. in Stamford, 
Conn., recently reviewed sev- 
eral supporting documents 
from SCO, and he said they 
potentially bolster the compa- 


| ny’s claims. 


The documents allegedly 
show the contracts that gave 
SCO the rights to Unix. Weiss 
refused to sign the nondisclo- 
sure agreement, so he didn’t 
view any of the contested 
code. But the documents he 
saw at least gave credence to 
SCO’s claims, he said. 


Not a Judge or Jury 

Bill Claybrook, an analyst 

at Boston-based Aberdeen 
Group Inc., said the code he 
viewed shows that SCO could 
have a claim. But he noted that 





his assessment based on a 
brief look at some of the code 
is far different from a judge or 
jury eventually reaching a ver- 
dict in the IBM case. “I have 
no idea” if there’s a problem 
with the code, Claybrook said. 

“From what I’ve seen, I 
think people should be taking 
the SCO accusations seriously, 
but I don’t know if they have 
any proof,” he said. Although 
he was shown code that was 
the same in both Unix and 
Linux, Claybrook said there 
was no way to determine the 
origin of the code. 

Dan Kusnetzky, an analyst at 
IDC in Framingham, Mass., 
said he turned down SCO’s of- 
fer to look at the code because 
it wouldn’t have provided any 
fair conclusions or answered 
any questions about the case. 

Even if there are code 
matches between Linux and 
Unix, he said, there would be 
no way to know whether it 
was put there legally or who 
put it there. “How do they 
know it was IBM?” he said. B 
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HP Users Welcome Expanded 


NEWS 


OpenView Product Line 


Better network management is key to 


vendor's ‘adaptive enterprise’ initiative 





BY MATT HAMBLEN 
Hewlett-Packard Co. will take 
some of the vapor out of its 
“adaptive enterprise manage- 
ment” strategy with the intro- 
duction today of more than 30 
new and enhanced OpenView 
management products and 
services. 

The products are being an- 
nounced at the HP Software 
Forum in Chicago, where 
users will gain exposure to 
concrete examples of HP’s 
adaptive enterprise initiative. 

That initiative is mirrored 
by strategies from competitors 
such as IBM, Sun Microsys- 
tems Inc. and Computer Asso- 
ciates International Inc., 
which variously describe such 
technologies as “autonomic” 
or “on-demand” computing. 
The aim is to enable business- 
es to reduce IT complexity 
and cost by creating an infra- 
structure that changes with 
business demands. 

One of the enhanced tools 
being announced today, HP 
OpenView Network Node 
Manager 7.0 (NNM), caught 
the attention of several Open- 
View users planning to attend 
the conference. Enhancements 
to the widely used network 
management tool include sup- 
port for Linux and the ability 
to manage more objects on a 
network, as well as support for 
native Duplicate IP. The latter 
is useful for collecting net- 
work data at one point on 
multiple IP networks, said Bill 
Emmett, solutions marketing 
manager at HP. 

Duplicate IP support is in- 
teresting because it could help 
recently merged companies to 
monitor combined IP net- 
works that aren’t identical, 
said Jason Kennedy, a systems 
management analyst at Best 
Buy Canada Ltd. in Burnaby, 
British Columbia. 

Best Buy Canada has a large 





OpenView project under way 
that started in late 2002 and 
should take another year to 
fully implement. 

Once complete, the system 
would monitor networks and 
network devices in 130 stores 
and warehouses in Canada 
“through a single pane of glass 
with a service-oriented focus,” 
Kennedy said. 

“ ‘Adaptive enterprise man- 
agement’ might be called ‘au- 
tonomic’ or ‘on-demand,’ but 
that’s just wordsmithing,” he 
said. “It really comes down to 


| how I save money for the busi- 


DHS Sets Timeline for IT 


CIO says project 
due to be finished 
within two years 


BY PATRICK THIBODEAU 
WASHINGTON 
Steve Cooper, who as CIO at 
the U.S. Department of Home- 
land Security (DHS) must un- 
tangle the mess of disparate 
networks and data standards 
of the 22 federal agencies that 
merged to form the DHS, said 
last week that a unified IT in- 
frastructure will be completed 
within 18 to 24 months. 
“We're moving toward one 
Department of Homeland 


| Security,” Cooper said at the 


E-Gov conference here. “We 
want to unify and simplify the 
environment as rapidly as we 
can.” 

Cooper said he plans to rely 
heavily on commercial appli- 
cations to accomplish what is 
no simple task. Federal agen- 
cies have historically operated 
autonomously, and their IT 
systems weren't designed to 
interoperate with one another. 

According to Lee Holcomb, 
chief technology officer at the 








ness. That’s why I exist.” 
Another OpenView user, 

Zurich Life Insurance Compa- 

ny of America in Schaumburg, 


| Ill, is looking for an easier in- 


terface with the HP OpenView 
Service Navigator tool, said 
Timothy Hagn, vice president 
of Zurich’s IT operations and 
engineering. 

In fact, HP said, Service 


| Navigator Value Pack 7.1, being 


announced today, is easier to 
use and includes a new con- 
nection between Service Navi- 
gator and Open View Service 
Desk to help correlate net- 


| work problems with customer 


service calls received by the 
help desk. 
In the long term, Hagn said, 


DHS, a key hurdle to be over- 
come is the various agencies’ 
differing business rules, which 
dictate how data is described, 


collected and accessed. 


Holcomb’s job is to devise a 


| plan to make data held by each 
| agency accessible by other 

| agencies under the DHS um- 

| brella. Data mart and data 


warehousing options are cur- 


| rently under consideration. 


DHS is also examining best 
approaches for providing re- 
mote users with wireless ac- 
cess to department systems. 
The department also plans to 
increase the deployment of 
portable devices within the 


| next six to nine months. 


As agency integration ef- 


eae Mea 
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Among HP’s 
HP OpenView Network Node 
Manager 7.0: Starter Edition and 
Advanced Edition. Includes diag- 


Co 


HP OpeniView Transaction Ana- 
tyzer 2.0: Analyzes application 
transactions at the client, Web 
setver or application server. 


| work and describe ways that 


he can quickly cut down on 
electricity and ventilation 


| costs for computing centers by 





| gists who have “a 


| Security mission,” 


| tapping underused servers. 


Kirby Vaughn, a board 


Integration 


forts take shape, department 
IT officials expect to post 
more job advertisements in 
the months ahead. 

Although position require- 
ments haven’t yet been fully 


identified, there 
are many technolo- 


desire to become 
part of the Depart- 
ment of Homeland 


said Pat Scham- 
bach, CIO for the 
Transportation Security Ad- 
ministration, which is now an 
agency of the DHS. 

Getting a job at the agency 
requires a security clearance, 
but officials say that hasn’t 
been an obstacle — getting an 
initial security clearance can 
be accomplished in as little as 
two weeks. Higher security 
clearance levels, however, can 
take months. 

Meanwhile, emerging tech- 
nologies appear to be playing 
a growing role at federal agen- 
cies. For instance, Cooper 
said, agencies are working 
with commercia! vendors to 





find ways to utilize unstruc- 
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| member of OpenView Forum 


International, a 7,.000-member 


| user group in Emmaus, Pa., 


said he wants to learn more 


| this week about enhancements 


to NNM. 
Users are interested in how 
NNM will integrate with tech- 


| nology from Cisco Systems 

| Inc. and voice-over-IP prod- 
| ucts, Vaughn said. In recent 

| years, he said, users have had 


to “pound on HP” to include 


| monitoring functionality for 
| virtual LANs, something users 
had to build themselves until 


HP finally responded. 
“They rode on their laurels 


| for a while, but in the last year 
| or two, they’ve started doing 
he wants OpenView’s adaptive 
| technology to monitor his net- | 


more,” Vaughn said. 
With the exception of the 


| Service Navigator Value Pack, 
| which will be available in four 
| months, all of the products be- 
| ing announced today will be 

| available within three months, 


FREE FOR A PRICE 


Ascholarship-for-service 
program for IT security 
professionals in federal 
agencies is working 

© QuickLink 39180 
www.computerworld.com 
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HP officials said. D 


| tured data, such as data that 


isn’t located in a relational 
database and can’t be easily 
manipulated and analyzed. 
The CIO Council, a body 
made up of all the CIOs in the 
federal government, has in 
fact formed a committee to ex- 


| amine emerging technologies. 


“We want the 
government to be 
at the forefront 
[of ] leveraging 
technology,” said 
US. Air Force 
CIO John Gilligan. 
“We want to be 
scanning the hori- 
zon and be an early adopter. 
We need to convey to industry 
what our technology needs 
are.” 

Craig Luigart, CTO at the 
U.S. Department of Education, 
disputed the stereotype that 
the government lags behind 
the private sector in the adop- 
tion of IT. 

Many agencies were early 
adopters of new technologies, 
such as voice over IP and 
virtual private networks, and 
they are now seeing returns 
on those investments, he 
noted. 

“T never liked being No. 2,” 
Luigart said. D 
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Pitts) 


Microsoft Acquires 
Antivirus Assets 


Microsoft Corp. has agreed to 
buy the intellectual property and 
technology assets of GeCAD 
Software SRL, an antivirus soft- 
ware vendor in Bucharest, Ro- 
mania. Microsoft plans to use 
the technology as part of an up- 
coming antivirus offering. But it 
said a GeCAD product used pri- 
marily with Linux systems will be 
dropped. The financial terms of 
the deal weren't disclosed. 


Cisco Gets Ruling 


Against Huawei 


A federal judge in Marshall, 
Texas, issued a preliminary in- 
junction barring Shenzhen, Chi- 
na-based Huawei Technologies 
Co. from selling routers that in- 
clude software derived from Cis- 
co Systems Inc.’s source code. 
But Huawei, which was sued by 
Cisco in January, said the in- 
junction is “extremely narrow” 
and won't affect routers that 
have replaced the disputed ones. 


SuSE Readies 
Linux for Desktops 


SuSE Linux AG said it plans to 
release a desktop PC version of 
Linux for corporate users in the 
U.S. and Europe later this month. 
The SuSE Linux Desktop soft- 
ware starts at $598 for five end- 
user licenses and comes bundled 
with Sun Microsystems Inc.’s 
StarOffice 6.0 suite of desktop 
applications. But Nuremberg, 
Germany-based SuSE said it will 
also support Microsoft Office. 


Short Takes 


MERCURY INTERACTIVE CORP. 
said it’s acquiring KINTANA INC., 
a developer of software for mon- 
itoring IT operations, in a cash- 
and-stock deal valued at about 
$225 million. Both companies 
are based in Sunnyvale, Calif. 

. .. YAHOO INC., also in Sunny- 
vale, announced an upgrade of 
its instant messaging software 
for corporate users. 
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Sun Exec Blasts 
IBM for Linux ... 


... Strategy, saying, “IBM has been using Linus [Torvalds] like a tool 
and exploiting the open-source community.” Those fightin’ words 
come from Jonathan Schwartz, executive vice president for Sun’s 
software group. He doesn’t think IBM’s Linux sales have been kind to CIOs, 
either. “They’ve been spreading IP [intellectual property] radiation” 
to companies that get their Linux from IBM because of Big Blue’s con- 
tract problems with SCO Group. Sun, he hastened to add, has crossed 
all its t’s and dotted all its i’s with SCO just in case the Unix/Linux 


legal claims have merit. ® IBM was on the 
minds of many at Sun’s eighth JavaOne 
Conference in San Francisco, and not just 
because it had two booths on the show 
floor. Rumors flew daily from Moscone 
Center North to South, 

where the gathering of 15,000 
or so Java devotees was held, 
that IBM “needed to buy Sun to 
save Java,” as one breathless 
rumormonger put it. But 
Sun’s marketing VP for soft- 
ware dismissed that notion 
with a laugh. “IBM can’t afford 
us,” guffawed John Loiacono. 
“We have five-and-a-half bil- 
lion dollars in the bank. IBM 
doesn’t have $5 billion.” True. 
But, hey, interest rates are 
pretty low. Maybe IBM could 
take out a second mortgage 
on its digs in Armonk, NY. 

= If you're a rabid Solaris 
user, these verbal jousts can 
be fun. But more fun might be 


agra 
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an early look at Solaris 10. Real early. Like a 
year to a year and a half before it’s re- 
leased. Word is that Sun is developing a 
program called Express that will give 
users a hands-on experience with its 
Unix system well before the 
beta release. ® Schwartz, 
Loiacono and other Sun 
execs also enjoyed knocking 
Microsoft for its “failure” in 
the handset market. By the 
end of the year, Schwartz 
claims, Java will be installed 
on more than 350 million 
cell phones, BlackBerries 
and other similar devices, 
while Windows “won't even 
be there.” What makes Java 
appealing to IT on handsets, 
says Ernie Cormier, vice 
president at Nextel Commu- 
nications Inc., is that “you 
can control the entire UI 
[user interface].” He envi- 
sions IT deploying Java 
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handsets to sales forces, fieid technicians 
and other road warriors instead of laptops, 
“reducing your dependence on PCs.” Cormi- 
er says Nextel is committed to Java and 
by the end of the year will ship some new 
devices that have IT in mind. ® These 
expanaing Java environments will need 
many new programmers. And Sun execs 
pledged to raise the number from the 
currently claimed 3 million to the wished-for 
10 million. Where will they come from? 
According to David Litwack, senior vice 
president at Novell Inc., they’ll have to be 
recruited from the ranks of business de- 
velopers. You know, the kind who whip 
out Visual Basic scripts or complex Excel 
spreadsheets. “We need to raise the level 
of abstraction for the bulk of what’s done 
in J2EE,” he says. John Fowler, Sun’s chief 
technology officer for software, agrees. 
“J2EE needs simpler expressions to take 
advantage of precoded functions,” he 
says. That’s not exactly a snappy marketing 
slogan, but it’s exactly what Novell will be 
doing this fall when it ships its Extend 5.0 
suite for those developers who may not 
want to delve into the devilish details of 
Java code to accomplish their work. 

® Hewlett-Packard wants to attract Java 
coders, too, especially to its OpenView 
application. But HP thinks they sleep too 
much, so it will soon send out invitations 
to developers for its first HP Bazaar 
Camp USA. The three-day, all-day, all- 
night coding carnival has already run 
seven times in Europe and Asia, but the 
execs behind it believe it’s time for you, 
too, to jack yourself up on caffeine and 
prove you can program till the sun comes 
up. Sleeping bags, massages and laptops 
will be doled out to those lucky few who 
qualify for the Sept. 16-18 event. Check 
out www.hpbazaar.com for all of the 
bizarre details. D 





New Bugbear Virus Targets Financial Institutions 


make sure that their security 
systems are fully in place. No 
member banks have yet been 


Firewalls, antivirus software are so far 
keeping worm out of banks’ systems 





BY TODD R. WEISS 
The latest variant of the Bug- 
bear computer virus is being 
investigated by the FBI be- 
cause it was found to be tar- 
geting financial institutions. 
Bill Murray, a spokesman 
for the FBI, said last week that 
the investigation began June 6 
and will seek to track down 
the originators of the virus 
through electronic “finger- 
prints” often left behind with- 
| in the code. 








Bugbear is a mass-mailing 
worm that also spreads 
through networks, according 
to Cupertino, Calif.-based 
Symantec Corp. 

The virus can infect exe- 
cutable files and is particularly 
dangerous because it can log 
the keystrokes a user enters 
on his computer, potentially 
allowing an attacker to get a 
victim’s personal information 
and account numbers. It also 
contains backdoor capabilities 





and can shut down antivirus 
and firewall programs. 

Banks were identified as key 
targets when it was discovered 
that the worm’s code contains 
a list of the domain names of 
more than 1,000 banks from 
around the world, according 
to Symantec. 

Suzanne Gorman, chairman 
of the Financial Services In- 
formation Sharing and Analy- 
sis Center, said the Reston, 
Va.-based financial industry 
security organization respond- 
ed immediately to the first re- 
ports of Bugbear attacks on 
banks by warning members to 





infiltrated by the Bugbear 
virus because of firewalls, an- 
tivirus protection and other 
multilayer IT security sys- 
tems, she said. “Right now, 
we're remaining on high 
alert,” Gorman said. 

Robin Bloor, an IT and secu- 
rity analyst at Baroudi Bloor 
Inc. in Arlington, Mass., said 
Bugbear is particularly insidi- 
ous because of its keylogger 
capabilities, which collect and 
document user input and pro- 
vide it to an attacker. “That 
fundamentally undermines 
the security when it gets in 
there,” Bloor said. B 
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FleetBoston Buildi 


NEWS 


5 


IT Command Center 


Project will unify bank’s systems and 


centralize network management work 





BY LUCAS MEARIAN 
ALBANY, N.Y 
Y NOVEMBER, Fleet- 
Boston Financial 
Corp. plans to com- 
plete a nearly $10 mil- 
lion project to build an enter- 
prise operations center that 
will bring all its systems and 
network management opera- 
tions into one room and pro- 
vide real-time links to a 
secondary data center 150 
miles away. 

Robert Wischnowsky, Fleet- 
Boston’s chief technology offi- 
cer, said the new command 
center will centralize network 
support operations that have 
remained fractured following 
acquisitions by the Boston- 
based company. He added that 
he expects to be able to cut 
FleetBoston’s IT staff by an 
unspecified number and in- 
crease the amount of floor 
space available at its primary 
data center here by 3,500 
square feet — two benefits 
that should produce a return 
on investment within a year. 

FleetBoston has become 
one of the 10 largest banks in 
the U.S. by buying more than 
150 firms during the past 20 
years — a growth strategy that 
Wischnowsky said will contin- 
ue. But in an interview at the 
data center this month, he said 
merging systems became a 
standardized process, but the 
networks supporting Fleet- 
Boston’s flagship banking 
business and its credit card 
services and capital leasing 
subsidiaries are currently sep- 
arated from one another. 


A Matter of Trust 

“We’ve had firewalls in be- 
tween [networks] because no 
one trusted each other,” Wis- 
chnowsky said. FleetBoston 
plans to bring the nonbanking 
operations onto its consolidat- 





ed network and “drive the 
standardization of processes 
across the company,” he said. 
For example, the company 
in April went live with IBM’s 
Tivoli Business Systems Man 
ager software after an 18- 
month rollout. Ed Glenning, 
who manages FleetBoston’s 


enterprise systems, said the 


tool is being used by systems 
administrators to centrally 
monitor and control applica- 
tion and database servers, 
batch processing jobs, and 
mainframe CICS systems. 
FleetBoston’s systems, cor- 
porate networks and the net- 
work that supports its 3,400 





ATMs are managed with dif- 
ferent software tools by work- 
ers in separate locations — the 
first two are in adjacent rooms 
at the Albany data center, and 
the ATM network is in anoth- 
er building in Albany. 

But Glenning said that by 
November, he expects to con- 
solidate all the systems and 
network management activi- 
ties on Tivoli software and re- 
locate the management opera- 
tions to the new command 
center, which is being built 
within the Albany data center. 

A Ridgefield Park, N.J., facil- 
ity will be expanded as a back- 
up data center and will share 
FleetBoston’s data processing 
workload and act as a disaster 
recovery site. IT workers at 
both facilities will be able to 


Sprint Exiting Web Hosting 


But Will Help Users Migrate 


| BY MATT HAMBLEN 
| Sprint Corp. last week an- 
| nounced that it will wind 


down its unprofitable Web 
hosting operations nation- 


| wide, making it the second 
| major vendor to exit that busi- 


ness this month. 

Sprint’s move came just one 
week after London-based Ca- 
ble & Wireless PLC said it 
would abandon the U.S. mar- 
ket for Web hosting services 
[QuickLink 38994]. Although 
they were disappointed by 
Sprint’s planned shutdown, 
some of the company’s cus- 
tomers said they’re relatively 
well prepared for the closing. 

“We may lose some sleep 


| over losing Sprint, but we’ve 


lost a provider before and 

had zero downtime,” said 
Chris Sloop, chief technology 
officer at AWS Convergence 
Technologies Inc. in Gaithers- 
burg, Md. He noted that AWS 
dropped Exodus Communica- 
tions Inc. as its Web hosting 





firm in 2001 after Exodus filed 
for bankruptcy protection, a 
process that resulted in its as- 
sets being bought by C&W. 
Within hours of Sprint’s an- 
nouncement, several of its ri- 
vals e-mailed Sloop with of- 
fers of replacement hosting 
services. He added that AWS, 
whose WeatherBug online 
weather alert service has 23 
million registered users, al- 
ready was splitting its Web 
hosting between Sprint and 
Verio Inc. in Englewood, Colo. 
Sprint said it will phase out 
Web hosting operations at 





www.computerworld.com 


VER atl Om MCN CRI CES CGH UTM Lane gg 


operate every key system, 
from network servers and 
routers to management soft- 
ware, Glenning said. 

Avivah Litan, an analyst 
at Gartner Inc. in Stamford, 
Conn., said operations center 
consolidations are “monu- 
mental” tasks. 


eight facilities located in At- 
lanta, Boston, Dallas, Denver, 


| Los Angeles, New York, Sacra- 


mento and Santa Clara, Calif. 
Two additional hosting cen- 
ters in the Kansas City, Mo., 
area and Reston, Va., will be- 
come corporate data centers 
that support other network 
services offered by Sprint. 
Sprint said its Web hosting 
revenue totaled about $60 mil- 
lion in the 12-month period 
that ended March 31. The com- 
pany said it will help hosting 
customers migrate to other 


| vendors before exiting the 


business. Sprint plans to lay off 
about 500 workers as part of 
the shutdown, with most of the 
cuts expected by year’s end. 
Penton Media Inc. in Cleve- 


8 ls Your Web Hosting Firm Shutting Down? 


Here are some tips on how to deal with a possible loss of service: 
= Put contingency plans in place, including backup service providers 
that you can quickly turn to if needed. 


® Review your contracts to determine what your exit rights are and 
what levels of service you're entitied to. 


= Don't automatically jump ship, because alternative hosting vendors 


could be facing business problems as well. 





&] management on Tivoli software and relocate management operations. 


On the plus side, consolida- 
tion efforts cut down on po- 
tential points of failure and 
should produce efficiencies by 
introducing an enterprisewide 
monitoring and alert system, 
Litan said. “The goal is to walk 
into a control room and see 
one network,” she added. D 


land has a two-year hosting 
deal with Sprint that expires 
in December, said Scott Pen- 
nock, manager of Internet 
development at Penton. 

Sprint hosts about 70% of 
the company’s Web sites, and 
Pennock said he’s a satisfied 
customer. But, he added, the 
planned pullout gives Penton 
“a wonderful opportunity to 
re-evaluate our strategy” of 
outsourcing so much of the 
online operations. 

The back-to-back with- 
drawals by Sprint and C&W 
are remnants of the dot-com 
collapse as well as the contin- 
uing clampdown on IT spend- 
ing driven by the gloomy 
economy, said Ted Chamber- 
lin, an analyst at Gartner Inc. 
in Stamford, Conn. He said 
Web hosting still isn’t a prof- 
itable business for many ven- 
dors, even though Gartner 
predicts that nearly $5 billion 
will be spent worldwide on 
hosting services this year. 

Sprint also recently named a 
new CEO and may be ridding 
itself of an unprofitable unit in 
hopes of attracting potential 
buyers, Chamberlin added. D 
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3Com to Lay Off 
10% of Workforce 


3Com Corp. plans to lay off 10% 
of its workers over the next six 
months, with the deepest U.S. 
cuts coming at its Santa Clara, 
Calif., location. The networking 
vendor had about 3,900 employ- 
ees at the end of its third quarter 
in February. The layoff announce- 
ment came two weeks after 
3Com warned that its fourth- 
quarter sales would be lower 
than expected. 


Dell, EMC Extend 
Disk Array Deal 


Dell Computer Corp. and EMC 
Corp. extended by two years a 
deal under which Dell resells 
Hopkinton, Mass.-based EMC’s 
Clariion disk arrays and manu- 
factures the low-end CX200 
model. The two companies said 
the agreement, originally a five- 
year deal when it was signed in 
late 2001, will remain in effect 
through December 2008. 


Investment Firm 
To Purchase Corel 


Corel Corp., which develops the 
WordPerfect office software 
suite and desktop graphics appli- 
cations, said it’s being acquired 
by San Francisco-based invest- 
ment firm Vector Capital Corp. 
for about $124 million (U.S.) in 
cash. Corel CEO Derek Burney 
said the Ottawa-based company 
is expected to remain largely un- 
changed, but he added that some 
layoffs are likely. 


Short Takes 


Dallas-based i2 TECHNOLOGIES 
INC. said that it has prepaid a 
$61 million promissory note and 
extricated itself from the lease of 
an office building that the strug- 
gling software vendor vacated in 
January. . . . San Francisco- 
based Linux server vendor PEN- 
GUIN COMPUTING INC. said it’s 
buying SCYLD COMPUTING 
CORP., an Annapolis, Md.-based 
maker of clustering software. 
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CeBIT America Debuts, 
Defying Show Slump 


Organizers halve attendance forecast; 
hope focus, format will provide appeal 





BY STACY COWLEY 
NEW YORK 
ITH MARKETING 
budgets drying 
up and trade- 
show atten- 
dance shrinking, this summer 
seems a quixotic time to 
launch a new IT conference. 
But this week, Germany’s 
CeBIT iibershow will make 
its U.S. debut, with an enter- 
prise focus and a European 
format that organizers are 
counting on to set it apart 
from its troubled brethren. 
The project has already 
suffered from the continuing 


| economic slump. A year 


ago, show organizer Han- 
nover Fairs USA Inc. forecast 
40,000 attendees for its debut 
of CeBIT America. Now, the 
company hopes to attract 
20,000. Exhibitor numbers are 
also lower than the 400 to 500 
originally forecast, with 361 
signed on. 

But show executives said 
they’re confident CeBIT 
America will prove its worth 
to visitors and vendors — 
confident enough to sign a 
five-year reservation contract 
with the Jacob K. Javits Con- 
vention Center in New York. 


B2B Focus 

CeBIT America will be a tight- 
ly focused business-to-busi- 
ness show. Instead of aisles of 
booths lining the show floors, 
organizers said they’re arrang- 
ing exhibitors into clusters of 
related technologies, with nu- 
merous lounge areas available 
on the floor to promote busi- 
ness discussions. 

Storage, networking and 
wireless products will be 
prevalent at the show. Hewlett- 
Packard Co. is planning to 
preview upcoming handheld 
devices and notebooks and 
will join with several partners 
to demonstrate new storage 





devices (see story below). 
Sony Electronics Inc. will fo- 
cus on storage as well, bring- 
ing new libraries and tape 
drives to the show. 

Microsoft Corp. plans to 
push its Tablet PC software, 
while 3Com Corp. will show 
firewall products and net- 
work management technol- 
ogy. PalmSource Inc. plans 
to make several announce- 
ments about new mobility, 
security and systems manage- 
ment offerings. 


Vote of Confidence 
Persuading vendors to spread 
their trade-show dollars 
around and take a chance on 
the debut of CeBIT America 
has gone fairly smoothly, ac- 
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EVE OF SHOW 


cording to organizers. “Most 
of the significant players have 
said yes to us,” said Mark Di- 
neen, managing director of 
CeBIT America. “That’s a 
huge vote of confidence.” 

One vendor said CeBIT’s 
brand name was an important 
factor in its decision to exhib- 
it. “They have a great track 
record, and we hope they'll 
be bringing that to the U.S.,” 
said Albert Chu, vice presi- 





www.computerworld.com 


dent of business development 
at Sunnyvale, Calif.-based 
PalmSource. 

The IT show market has 
been a harsh one lately. Event 
cancellations are common, 
and Comdex parent Key3- 
Media Group Inc. has filed “or 
bankruptcy protection. Com- 
dex’s former general manager, 
Bill Sell, defected and is head- 
ing brand and customer devel- 
opment for CeBIT America. 

According to Sell, CeBIT 
America isn’t expected to 
make a profit this year. Prince- 
ton, N.J.-based Hannover Fairs 
USA is prepared to give it sev- 
eral years to break even, he 
said. “It’s a long-term invest- 
ment,” Dineen added. 

“This is a completely differ- 
ent model, and people are re- 
sponding to that,” he said. “We 
just have to remember the fo- 
cus of the event: quality, qual- 
ity, quality; enterprise, enter- 
prise, enterprise.” D 


Cowley writes for the IDG News 
Service. Computerworld news 
editor Don Tennant contributed 
to this story. 
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sun’s Gosling Discusses State of Java 


BY CAROL SLIWA 

Sun Microsystems Inc. Vice 
President James Gosling, the cre- 
ator of Java, last week spoke 
with Computerworld 

about the company’s lat- 

est Java activities. Ex- 

cerpts follow: 


Those who have been to 

previous JavaOne confer- 

ences have noted the de- 

clining attendance. Do you 

think that signals waning 

interest in Java? J don’t 

think there’s any interconnec- 
tion between the population 
decline and what’s going on in 
the Java world. The socioeco- 


nomic state of the world pretty 
much explains everything, I 
think. If you talk to people 
about the energy of what they 
are doing, I actually 
think it’s higher today. 


Sun talked a lot about 
working to boost the Java 
population from 3 million 
to 10 million developers. 
Do you think that’s a real- 
istic goal? I think it’s a 
very realistic goal. It’s a 
tough one, and a lot de- 
pends on how you think of the 
goal. You've got this huge edu- 
cational system that is feeding 
the world with pre-educated 


Java developers. If you count- 
ed up all the people who have 


| learned to program in Java, we 
| are way ahead of 10 million. 


| Over what time frame will 10 mil- 


lion be achievable? I'd be happy 


| in five years. It wouldn’t be at 


all surprising if it happened a 


| lot faster than that. 


Like many companies, Sun is in- 
troducing a tool, code-named Proj- 
ect Rave, that seeks to reduce the 
complexity of developing in Java. 
Have you been involved in that? 


| Yeah. We tend to come out of 
| the gate with something that 


works really well at large 





scale, and at small scales it’s 
too complicated. ... So there’s 
a dual goal here. One is to 
make it so that the people at 


| the lower end can use a lot of 
| this infrastructure that was re- 


ally designed around high-end 


| deployments. There’s also this 


other subtext to it, which is 


; that the things that start small, 


if they succeed, they always 


| ~ . 
become large. So with these 


tools, you can do systems that 
start small, start easy, but they 
can grow up and turn into big 
sophisticated systems. D 


MOREGOSLING = 


To read the full interview with the father of 
Java, visit our Web site: 


QuickLink 39196 
www.computerworld.com 





Continued from page 1 
Java 


has reached the point where 
market pressure would ensure 
that no “bully” could succeed 
in introducing incompatible 
technology that could fracture 
a developer community that 
has grown to value Java’s con- 
sistency and interoperability. 

“My personal feeling is that 
we’re over the edge, but I also 
feel a little nervous about 
that,” Gosling said. “There are 
still all kinds of opportunities 
for mayhem.” 


Not Ready for Leap 

One prominent executive who 
isn’t ready to take the leap that 
Gosling favors is Jonathan 
Schwartz, executive vice pres- 
ident of software at Sun. He 
said the problem with open- 
source is the “tyranny of the 
volume leader.” 

“If Java was open-source, 
Microsoft could take it, deliver 
it as they saw fit and drive a 
definition of Java that was di- 
vergent from the one that the 
community wanted to be com- 
patible,” he said. “And to the 
victor would go the spoils of 
that nefarious action.” 

Sun formally established 
the Java Community Process 
(JCP) in 1998 to develop and 
revise Java technology, and it 
now claims that more than 650 
members participate. Under 





the JCP, intellectual property 
is protected by a license that 
requires anyone using a Java 
spec to demonstrate compati- 
bility with the technology’s 
reference implementation. 
Even though Sun has 
worked to make its standard- 
ization process more open — 
and, along with JCP members, 
to allow for more technologies 
to be made available under an 
open-source licensing and de- 
velopment model — it has yet 
to make core ele- 
ments of Java 
open-source, 
Gosling said. 
Sun’s lawsuit 
claiming that Mi- 
crosoft Corp. violated its 
contract by trying to intro- 
duce a version of Java that was 
incompatible with its speci- 
fications has made some col- 


|; leagues particularly sensitive 


to the open-source issue, 
Gosling said. He added that 
there are still enough differ- 
ences of opinion at Sun, which 
tends to be a consensus- 
driven company, that he can’t 
predict when or if Java will be 
made open-source. 

“There are days when I feel 
like it’s going to be tomorrow. 


There are days when I feel like | 


it’s going to be never,” Gosling 
said. “If I talk to the lawyers 
involved in the Microsoft case, 
I always come back complete- 
ly horrified, [thinking] if we 
ever do this, we’re screwed.” 








The open-source debate 


| over Java is nothing new at 
| Sun. Gosling and others at the 


company acknowledged that 
the discussion started long be- 
fore the growing popularity of 
the open-source Linux operat- 
ing system caused a commo- 


| tion in the industry. But the 


debate has heated up more re- 
cently, Gosling said. 

Rob Gingell, chief engineer 
at Sun and chairman of the JCP 


| program, said an argument 


APPLICATION 
Ta 


erupted via e-mail 
about a month ago 
among about 100 
Sun field engi- 
neers who work 
with customers. 


; On the open-source question, 


they wondered, “Why don’t we 
just say yes?” But he said that 


| on further examination, he re- 


alized that they were referring 


| more to the open-source style 

| of development than the intel- 
| lectual property issues associ- 
| ated with open-source. 


“Given its importance to the 
future of my company and our 
shareholders’ stake in our 
company, I’m not willing to be 


| risky with it,” Gingell said. 
| “I’m going to want to under- 


stand it and be able to be de- 
finitive about it within a rea- 
sonable risk profile before I’m 
willing to let that go.” 

Gosling said he didn’t be- 
come swayed that Java was 
ready for open-source until 
about a year ago, and he said 





he’s not convinced he’s right. 


| He said he has made his opin- 


ion known internally for quite 
some time, although he hasn’t 


| made a point of discussing his 


views publicly. 
“We actually do open-source 
a lot of stuff — but not the 


| core bits,” Gosling said. “And 


we've talked about slicing up 
the core so that some of it’s 
open-source, and by and large, 
that isn’t an easier problem 
than doing the whole thing.” 
Schwartz said the Java.net 
online community that Sun in- 


; troduced last week is “filled to 


the gills with open-source 


| projects with Java.” He also 


said that he, Gosling and oth- 
ers just published the Java Re- 
search License, which allows 

more open-source develop- 


| ment on core parts of Java. 





“Anyone who wants to ex- 
periment with core parts of 
Java — everything under the 
guts of the [virtual machine], 
the language constructs them- 
selves — is more than wel- 


| ~ . 
| come to do so,” Schwartz said. 
|; “But they can’t introduce them 


into the commercial domain.” 
Gosling, too, is well aware 
of the potential pitfalls if Sun 
takes the open-source step. 
“Open-source ways of dealing 
with software work really well 
so long as you get this sort of 


| collegial atmosphere,” he said. 


“If you happen to have a bully 
on the block who is really 
strong, it doesn’t work.” D 
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Opinions on 
Open-Source 
Java Mixed 
Some of the prominent ven- 
dors that work on Java 
standards through Sun 
Microsystems’ Java Com- 
munity Process (JCP) 

favor Java being turned 
over to the open-source 
community. Many corporate 
developers, however, have 
some strongly divergent 
opinions on the matter. 

The following is a sam- 
pling of these developers’ 
views: 

mw Clay Mathur, senior 
staff programmer, Charles 
Schwab & Co., San Fran- 
cisco: “When you're trying 
to make reusable code, it’s 
better to have standards. | 
prefer the standardization 
that the Java Community 
Process provides, rather 
than everybody doing their 
own thing.” 

w Ramu Kannan, director 
of information technology at 
Humana Inc., Louisville, Ky.: 
“Sun is not the company 
that it used to be. Java 
should be open. . . . Also, 
Sun is driving a lot of Java 
in a certain direction, which 
| don’t think the rest of the 
community may want.” 

ws Tom Van Atta, manag- 
er, Unix/Basis Services, The 
Scotts Co., Marysville, Ohio: 
“| think the JCP is the right 
way to maintain it. If it be- 
comes open-source, it'll be 
too hard to control.” 

m Bob Celmer, technical 
fellow, AutoZone, Memphis: 
“| would like to see it go 
open-source, because there 
are those of us who would 
like to have greater visibility 
into how the technology 
works - particularly with 
new things.” 

~ Carol Sliwa 


JAVA DEBATE 


Read what others have to say 
about the open-source Java issue: 
QuickLink 39201 

computerworld.com 
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Continued from page 1 
Audits 


sidiary plans to add a central- 
ized contract manager “who 
can also assist with compli- 
ance issues,” Kaul said. 

Jane Disbrow, an analyst at 
Stamford, Conn.-based Gart- 
ner, said IT departments gen- 
erally do a lousy job of moni- 
toring their software agree- 
ments. “If your tech support 
people are like most tech sup- 
port people, record-keeping is 
not their forte,” she said. 

Toyota Motor Corp. recent- 
ly inked a global desktop and 
server enterprise licensing 
agreement with Microsoft 
that’s supposedly “audit- 
proof,” said Charlie Clark, a 
technician at the automaker’s 
Toyota Technical Center USA 
Inc. unit in Ann Arbor, Mich. 

Microsoft enterprise license 
holders “are less likely to be 
audited” than other users of 


Continued from page 1 


RFID 


and standardization hurdles 
before widespread usage can 
begin. 

Wal-Mart’s move is expect- 
ed to result in the deployment 
of nearly 1 billion RFID tags 
with embedded electronic 
product codes (EPC) for 
tracking and identifying items 
at the individual crate and pal- 
let level, said Pam Kohn, vice 
president of the Bentonville, 
Ark.-based retailer’s global 
supply chain operations. 

But even Wal-Mart’s initial 
RFID effort will be narrowly 
focused. Although RFID tags 
can gather and track a variety 
of data related to products, 
materials and more, Kohn said 
Wal-Mart will concentrate at 
first on using the technology 
to improve inventory manage- 
ment in its supply chain. 

“We're still determining all 
the benefits,” Kohn said. “We 
don’t want to overburden our- 
selves.” She added, though, 
that even if Wal-Mart were to 
collect no new data with the 
RFID tags, the efficiency and 
accuracy with which items 





HOW TO 


Preparing for 
Software Audits 


CLOSELY COMPARE your 
software licenses with billing in- 
voices submitted by vendors. 


KEEP copious records of 
your software contracts to 
guard against possible errors 
by vendors. 


SPELL OUT your audit rights in 
contracts, including who will 
conduct and pay for an audit and 
how it will be done. 


DEMAND that you be given 
at least 30 days’ advance notice 
of a planned audit. 


STIPULATE that you should get 
at least 90 days to resolve com- 
pliance problems without incur- 
ring any financial penalties. 


SOURCE: GARTNER INC., STAMFORD, CONN. 


its software, noted Gartner an- 
alyst Alvin Park. But Park 
added that he has been told by 


can be tracked would be huge 
benefits in and of themselves. 

RFID uses low-powered ra- 
dio transmitters to read data 
stored in tags that are embed- 
ded with tiny chips and anten- 
nas. Proponents of the tech- 
nology say such “smart” tags 
can store more detailed infor- 
mation than conventional bar 
codes, enabling retailers and 
manufacturers to track items 
at the unit level. 

RFID tags have been avail- 
able for several years, but 
adoption has been slow be- 
cause the tags are more ex- 
pensive than bar coding and 
because standards are lacking 
to ensure interoperability be- 
tween tags and data readers. 

Gary Robertson, executive 
director of global infrastruc- 
ture at Delphi Corp., a Troy, 
Mich.-based maker of auto- 
motive electronics systems 
that uses RFID devices in its 
manufacturing operations, 
said Wal-Mart’s decision to 
deploy the technology “will le- 
gitimize it and push it into the 
mainstream.” 

“The fact that the largest 
company in the world is pub- 
licly adopting EPC open stan- 
dards should give companies 
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several Gartner clients that 
they were asked by Microsoft 
to conduct internal audits on 
server-based products that 
aren't covered by the enter- 
prise agreements, including 
SQL Server and server ver- 
sions of Windows. 

Rebecca LaBrunerie, a Mi- 
crosoft product manager for 
worldwide licensing and pric- 
ing, didn’t dispute Park’s com- 
ment. However, she did say 
that Microsoft has pulled back 
on the number of audits it 
conducts over the past year. 
“That doesn’t mean that we 
won't talk with our customers 
about how many licenses they 
have,” LaBrunerie added. 

Jacqueline Woods, vice 
president of global pricing and 
licensing strategy at Oracle, 
said the company has kept the 
number of customer audits it 
conducts steady at about 400 
annually for the past three 
years. That works out to less 
than one-tenth of 1% of Ora- 


confidence that the day of a 
single, interoperable RFID 
system is close at hand,” said 
Kevin Ashton, executive direc- 
tor of MIT’s Auto-ID Center 
in Cambridge, Mass. 

The Auto-ID Center is 
working with Uniform Code 
Council Inc. (UCC) in 
Lawrenceville, N.J., and EAN 
International in Brussels to 
develop a standardized EPC 
format for storing data on 


RFID’s Challenges 


PRODUCTION CAPACITY: 
ws Wal-Mart says it will need 
1 billion RFID tags in 2005 to 





cle’s installed base of 200,000 
customers, Woods said. In ad- 
dition, at least 25% of the au- 
dits Oracle does are requested 
by the customers themselves, 
she said. 

El Segundo, Calif.-based 
Candle Corp. confirmed that it 
has become much more ag- 
gressive about trying to curb 
piracy of its software. Since 
launching a formal program a 
year ago, Candle has audited 
more than 1,000 of its 5,000 or 
so customers, said Steve Ger- 
rity, assistant vice president of 
contracts and administration. 

“We view audits as a cost- 
effective way to defend our in- 
tellectual property,” Gerrity 
said. But he added that Candle 
has seen an increase of 1% to 
2% in revenue as a result of 
the audit program. 

Peter Beruk, director of an- 
tipiracy at Network Associates 
Inc. in Santa Clara, Calif., said 
the security software vendor 
has also recently increased the 


RFID tags. That effort got an- 
other boost last week when 
Microsoft Corp. said it will 
join AutoID Inc., a not-for- 
profit joint venture set up by 
UCC and EAN to oversee the 
still-evolving standards. 


Cost Possibly $50M 
Wal-Mart didn’t say how 
much the effort would cost it 
or its suppliers or whether 
new systems will be needed to 
support the technology. But 
even at the 5-cents-per-tag 
price that Wal-Mart said it 
plans to seek from vendors, 
the cost of the tags alone 
would total $50 million. 

According to the Auto-ID 
Center’s Web site, RFID tags 
typically cost at least 50 cents 
each, and RFID readers sell 
for $1,000 or more. Big compa- 
nies could require thousands 
of readers for all their facto- 
ries, warehouses and stores, 
the site says. 

Wal-Mart isn’t the only 
retailer putting its faith in 
RFID. London-based Marks & 
Spencer PLC, one of the U.K.’s 
largest retailers, is rolling out 
RFID technology in its food 
supply chain operations. The 
project involves putting 13.56- 


number of compliance-related 
audits it’s conducting. But it’s 
“not sending out audit letters 
to 50 customers a week,” he 
added. “We're doing this more 
on a case-by-case basis.” 

Even so, some attendees 
said the audit threat could 
hurt user-vendor relation- 
ships. “It’s like the vendor is 
saying, “We don’t trust you,’ ” 
said Pat Kitchen, director of 
IT administration and coordi- 
nation at Pactiv Corp., a Lake 
Forest, Ill.-based packaging 


manufacturer. DB 

& If your tech 
support peo- 

ple are like most 

tech support people, 

record-keeping is 

not their forte. 


JANE DISBROW, ANALYST, 
GARTNER INC. 


MHz RFID tags on 3.5 million 
new plastic trays used to ship 
products, according to Keith 
Mahoney, the company’s food 
logistics controller. 

Marks & Spencer has sub- 
jected the tags to a variety of 
temperature, moisture and 
distance tests before deploy- 
ing them, Mahoney said dur- 
ing a presentation at the con- 
ference. Although the lack of 
common RFID protocols and 
standards remains an issue, 
“we could not allow the lack 
of them to hang up the proj- 
ect,” he added. 

RFID can yield “a huge ben- 
efit” for some companies, said 
David Hutchins, senior direc- 
tor of enterprise systems at 
Kraft Foods North America 
Inc. in Northfield, Ill., and a 
member of the AutoID board. 
However, Kraft is still evalu- 
ating the technology’s poten- 
tial value in its own supply 
chain. “The first thing is figur- 
ing out the business case,” 
Hutchins said. D 


CHIP ISSUES 


Meeting Wal-Mart's RFID tag needs may 
not be easy, Texas Instruments warns: 


QuickLink 39182 
www.computerworld.com 
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Surveys Show No Big Boost Likely in IT Budgets This Year 


Forrester, Meta say many users plan to 
spend less than budgeted amounts 





BY THOMAS HOFFMAN 
Stock markets are strengthen- 
ing, and consumer confidence 
has increased in recent 
months. But thus far, those de- 
velopments aren’t having 
much of a positive impact on 
corporate IT spending plans. 
In fact, a respective 23% and 
30% of North American com- 
panies surveyed separately by 
Forrester Research Inc. and 
Meta Group Inc. said they plan 
to shrink their tech spending 
below the levels they had orig- 
inally budgeted for this year. 
Nearly 70% of the 700 re- 
spondents to Cambridge, 


Mass.-based Forrester’s survey 


| indicated that they’re holding 
steady on their IT budgets 
(see chart). But the survey re- 
sults, released this month, led 
Forrester to drop its overall 
2003 IT spending forecast 
from the 1.9% average budget 
increase it projected in De- 
cember to a mere 1.3% gain. 
“If you look at IT spending 
from a Buy, Hold or Sell per- 
spective right now, most com- 
panies are taking a Hold ap- 
proach,” said Howard Rubin, 
executive vice president at 
Stamford, Conn.-based Meta. 
The Meta study, which was 
completed last month and in- 
volved 500 companies, found 








NEWS 


that 41% of the respondents 
plan to leave their 2003 IT 
budgets unchanged. Rubin 
said the remainder were al- 
most evenly split: 30% plan to 
cut their budgets, and 29% in- 
tend to increase spending. 


Holding Steady 

The Hold approach to IT 
spending maps with Corning 
Inc.’s plans. “At this point, we 
aren’t changing our full-year 
target,” said Richard Fishburn, 
CIO at the Corning, N-Y.-based 
maker of optical fiber, cables, 
photonic technologies and 
other products. 

But Fishburn added that 
Corning’s IT budget called for 
higher spending in the first 
half of the year to fund ongo- 
ing productivity programs, 





Wert Oe 


Spending Outlook 


Se poicsian ts died shgnh: 
below or in line with your origi- 
nal IT budget for this year? 


BASE: 700 North American IT decision 
makers; total adds up to more than 
100% because of rounding 


——_——————— 
SOURCE: FORRESTER RESEARCH INC... 
CAMBRIDGE, MASS. 
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| such as the application of ISO 


9000 practices at the compa- 
ny’s global IT shared services 
center. In addition, Corning 
consolidated help desk activi- 
ties at three regional sites ear- 
lier this year. As a result, IT 
spending for the rest of the 
year will drop off from the 
first-half level, Fishburn said. 

Genesee & Wyoming Inc., a 
Greenwich, Conn.-based oper- 
ator of short-line and regional 
railroads, built a marginal in- 
crease into its IT budget this 
year. That’s because the com- 
pany’s annual revenue is pro- 
jected to grow by $20 million, 
and IT spending is pegged to 
equal 2% of revenue, said 
Mike Meyers, vice president 
of information management 
and technology at Genesee & 
Wyoming. Meyers added that 
he doesn’t expect any changes 
to be made to the budget. D 
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CRM Vendor Adds Development Hosting | 2:0 si sce recs ap 


BY MARC L. SONGINI 

CRM software vendor Sales- 
force.com Inc. has announced 
a hosted application develop- 
ment service that makes Web 
services technology and wide- 
ly used tools like Microsoft 
Corp.’s Visual Studio .Net 
available to software develop- 
ers via the Internet. 

Salesforce.com CEO Marc 
Benioff said users of the 
Sforce offering will also be 
able to access databases, a 
document management sys- 
tem and user authentication 
services without having to in- 
vest in or maintain any soft- 
ware themselves. San Francis- 
co-based Salesforce.com will 
support Sforce users with the 
same IT infrastructure that’s 
used to run its hosted online 
applications, he said. 

Sforce can be used to build 
homegrown systems or to cus- 
tomize Salesforce.com’s appli- 
cations and integrate them 
with third-party products, 
Benioff said. Monthly fees are 
$50 per user and $1 for each 
megabyte of data stored at 
Salesforce.com’s data center, 
although the first three users 
and 10MB are free for a year. 

Microsoft, Sun Microsys- 
tems Inc. and BEA Systems 
Inc. have agreed to support 
Sforce with their development 
tools, and Salesforce.com said 
a similar deal is in the works 
with Borland Software Corp. 
Sforce also incorporates XML 
and Web services standards 
like the Simple Object Access 
Protocol and the Web Services 
Description Language. 

Sforce sounds promising to 
Sheldon Tkatch, a senior proj- 
ect manager at Garrett Avia- 
tion Service Centers, a Tempe, 
Ariz.-based division of Gener- 
al Electric Co. The provider of 
airplane maintenance and 
modification services uses 
Salesforce.com’s applications, 
and Tkatch said he wants to 
tie them to Garrett’s Oracle 
customer database. 

Currently, linking customer 
data to the hosted applications 
is a time-consuming process 
that requires end users at Gar- 
rett to extract the information 


in batches or reports and then 
enter it manually. Doing the 
necessary integration work in- 
house would be “technologi- 
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Salesforce.com’s applications 
provide, she said. 

plication developers with the But Close added that she’s 
software-as-a-service concept. | not sure how much buy-in 

The service will most likely Sforce will get at first, outside 
appeal to large companies that | of companies that plan to use 
need more functionality than | Salesforce.com’s applications. B 


cally prohibitive,” Tkatch said. 

But that process looks more 

feasible with Sforce, he added. 
Wendy Close, an analyst at 
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OPINION 


MARYFRAN JOHNSON 


Larry’s Grandstand Play 


RACLE’S HOSTILE TAKEOVER BID for 

PeopleSoft has sparked a flurry of me- 

dia coverage in the past 10 days — pre- 

dictably so. The story has the classic 

elements of a made-for-TV movie: a 
dramatic surprise attack, high-stakes finance with 
antitrust overtones, executive power struggles and a 
quirky cast of combative CEOs. 


But the undisputed 
star of this show has 
been Oracle CEO Larry 
Ellison, an insatiable at- 
tention-seeker who ob- 
sesses over the tactics of 
Japanese feudal warlords 
and who shopped for his 
fourth wife on the Oprah 
show a few years back. 

Now he’s shopping for 
software market share 
and customer body 
count among People- 

Soft’s thousands of enterprise users, 
who play the sympathetic but large- 
ly helpless victims in this drama. 

Why victims? Because their fates 
are tied to what could become a 
dead-end software platform. 

Larry has made it clear he has 
zero interest in PeopleSoft’s portfo- 
lio of applications, strategic product 
road maps or even the technology 
fueling it all. So, if he sidesteps the 
potential antitrust concerns and 
kills off one of his main competitors, 
development of new PeopleSoft ap- 
plications will halt. And the in- 
evitable upgrade march to Oracle’s 
E-Business Suite software will begin. 

When CIO Jim Prevo of Green 
Mountain Coffee Roaster called that 
prospect “a disaster” [QuickLink 
38959] and predicted that Oracle 
ownership would “destroy much of 
what we value in PeopleSoft,” he was 
speaking for many of his peers. At a 
time when IT organizations are try- 
ing to standardize platforms, simpli- 
fy architectures and keep budgets 
under control, the specter of a forced 
migration off strategic business soft- 
ware is horrifying. 





But what does Larry 
care? On the customer re- 
lationship front, Oracle 
has a spotty record. The 
vendor has feuded pub- 
licly with its own user 
group, and two years ago, 
it was forced by vocifer- 
ous customer outrage to 
abandon a controversial 
database pricing plan. 

When news of the hos- 
tile bid broke, PeopleSoft 
CEO Craig Conway, an 

Oracle veteran, sputtered his outrage 
over “classic Larry bad behavior,” 
which included blabbing to the me- 
dia about supposedly secret talks the 
two had last year about merging. Just 
four days before Larry turned the 
spotlight on himself, Conway had 
announced a pending $1.7 billion ac- 
quisition of J.D. Edwards. That move 
was intended to catapult PeopleSoft 





over Oracle, making it the No. 2 
business software vendor behind 
SAP, which holds 54% of the market. 

That scenario now seems unlikely. 
Even if Oracle’s bid fizzles, it may 
undermine PeopleSoft’s future — 
especially in the eyes of potential 
customers. As Wall Street analysts 
noted, the bid increases the percep- 
tion that PeopleSoft is in trouble and 
sows confusion and doubt among 
customers and prospects. Checking 
out a vendor’s financial stability is a 
standard business practice for CIOs 
today, and PeopleSoft just got 
pushed into the wobbly red zone. 

I asked an expert on IT sourcing 
what PeopleSoft customers could do 
to protect themselves if Oracle has 
its way, and unfortunately, there isn’t 
much. Bart Perkins, a managing 
partner of Leverage Partners and a 
Computerworld columnist, said that 
the best customer protections reside 
in the software contract. A good one 
will include explicit performance 
metrics and service guarantees, de- 
tails about promised functionality 
and a promise of product support 
for a certain number of years. 

But product plans and support can 
blow up quickly after an acquisition, 
so that piece of paper may be worth- 
less if Larry’s grandstand play suc- 
ceeds. Here’s hoping it doesn’t. D 
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PIMM FOX 


Site Monitors 
Get Real 


E KNOW the value 

of system manage- 

ment software that 
monitors the performance 


and availability of Web sites. 
The goal is to keep sites and robust ap- 
plications up and running within ser- 
vice parameters set by business and IT. 

But most of the performance tools 
provide synthetic measurements. 
They score a site or application 
against a set of scripts or conditions 
created by the IT department to mir- 
ror users and transactions. For exam- 
ple, if a customer goes to a travel site 
and types in a query, the measurement 
software will acknowledge that the 
site is running as long as the customer 
gets an answer. But there’s no way of 
knowing if the information was indeed 
what the customer wanted. 

Until now. 

Complementing 
traditional system 
management tech- 
nology available 
from the likes of 
Mercury Interactive 
is software from San 
Francisco-based 
TeaLeaf Technology 
Inc., a spin-off from 
SAP. Designed to 
monitor actual site 
and application ex- 
perience, IntegriTea aggregates infor- 
mation about the application and de- 
termines if it’s returning appropriate 
data. Already on board are Priceline.- 
com, Citizens Bank of Rhode Island 
and Mary Kay Inc. 

IntegriTea applies a filter to the Web 
server and clones information when it 
hits the server. A copy of each request 
is made and pushed to an IntegriTea 
server, which generates a cookie for 
each session. This makes it possible to 
follow the application trail of the user. 
The results are assembled visually so 
you can record the page a visitor was 
on, his IP address, the ports, the 
browser type — almost any informa- 
tion you’d want from a user session. 

Event modeling permits preset 
alerts, so if, say, 10 transactions fail to 
reach completion within a specific pe- 
riod of time, you can be alerted. Iden- 
tifying problems early and specifically 
also makes it easier to effect fixes. 
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SPECIAL ADVERTISING SUPPLEMENT 


Managing and Securing 
Mobile & Wireless Resources 


As the mobile workforce continues to grow, IT organizations 
turn to new tools that let them support a dizzying array of devices 


nterestingly, both vertical enterprise workers 


(such as healthcare, education and financial 


services staff) and horizontal enterprise work 


ers (such as consultants and sales representa 


tives) will soon make up a predominantly mobile 


workforce. According to research firm IDC, more than 


two-thirds of all U.S. employees will be classified as 


mobile by 2006. 


Mobile workers will travel and 
work in various private and public 
environments, such as campus build 
ings, industrial plants, client sites, air 
port executive lounges, hotel rooms 
and their resi 
dences. They will 
seek wired and 
wireless data net 
work access ove! 
often unreliable 
unsecured and 
bandwidth-constrained connections 
to maintain their mobile productivity 

Consequently, the enterprise net 
work will be extended into campus 
and mobile environments to provide 


these workers seamless access to 


their mission-critical enterprise 
applications, email, personal informa 
tion managers (PIMs), corporate 
databases and other mobile resources 
This means IT managers and help 
desk staff will have to extend their 
own services into the same campus 
and mobile environments to support 
not only mobile workers’ data access 
needs, but also a proliferation of 
mobile and wireless devices. 
According to Framingham, Mass 

based IDC, there will be over 112 mil 
lion enterprise mobile devices for IT 
support stalf to service in 2004. Many 
of the devices, such as personal digital 
assistants (PDAs) and smart phones, 


cost up to $500. 


However, due primarily to the 
inefficient extension of IT support in 
mobile environments, the total cost of 
ownership (TCO) of mobile and 
wireless resources often equals five to 
10 times the average capital cost of the 
devices themselves. For example, 
Stamford, Conn., research firm 
Gartner Inc. estimates the TCO for a 
PDA at $2,700, but that cost soars to 
$4,400 if the PDA is enabled with a 
wireless adapter 

Various mobile resource manage 
ment (MRM) solutions address the 
data communication and computing 
needs of the mobile workforce and 
relieve related support pains. MRM 
refers to the “lifecycle management” 
of mobile, wireless and remote 
devices and related software, content 
and data, with a primary focus on 
enterprise applications. MRM solu 
tions centralize mobile resource man 
agement, drive increased mobile 
workforce productivity and decrease 


the TCO for mobile resources 


MRM Market 


As the mobile workforce increases 
and mobile and wireless devices pro 
liferate, the MRM market is expected 
to grow at a proportionately high 


rate. IDC estimates it will top $715 
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Do you know where your sensitive 
company information is? It's 
everywhere your people are — because it 
travels with them in mobile devices such 
as laptops, PDAs and smart phones. 


How many such devices are used by 
your Staff? That's hard to say — because 
many are personal devices in which 
company data has been stored. 


Is this information vulnerable? 
Certainly —because mobile devices are 
lostand stolen every day. 


Mobile devices have improved 
productivity, butthey have alsoledtoa 
loss of control over one of your 
company's most valuable 
assets—information. What was once 
protected by network security is now 
stored on these highly-vulnerable 
devices 


Fortunately, you can regain control with 
CREDANT Mobile Guardian from 
CREDANT TECHNOLOGIES, the premier 
provider of mobile security software. 
CREDANT Mobile Guardian detects, 
secures and manages laptops, PDAs 
and smart phones — and the thousands 
of people in your company who 
potentially use these devices. 


CREDANT Mobile Guardian represents 
the most comprehensive platform for 
filling the dangerous security gap 
created by mobile devices. It does this 
by focusing on, and protecting, the 
information stored within them. 


By performing critical security 
functions, centralizing policy 
management and ensuring ongoing 
compliance to corporate security 
policies, CREDANT Mobile Guardian 
lets you unleash the power of mobility — 
without relinquishing control. 


Go to www.credant.com for more 
information and a schedule of 
product webinars. 


CREDANT <& 
TECHNOLOGIES 


T: 972-458-5400 

T: 1-866-CREDANT 
F: 972-458-5454 
info@CREDANT.com 
www.CREDANT.com 


© 2003, Credant Technologies Corporation 








Shield sensitive 
company information 
from exposure 
anywhere, anytime. 
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million in revenues by 2006, a 42.69 
compound annual growth rate over 
$121.3 million in 2001. Similarly 
Gartner forecasts a five-year growth 
rate of 40% in MRM market rev 
enues, from $135 million in 2000 to 


$750 million in 2005 


MRM Solutions 


MRM solutions implement prod 
uct lifecycle management and help 1 
control and centralize the monitor 
ing, recording, installing, configuring 
and upgrading of mobile, wireless 
and remote device systems, opera 
tional software and mission-critical 
applications. The primary MRM fea 
tures are systems management, soft 
ware management, data management 
security management and centralized 
administration 

MRM © solution — architecture 
includes a server, a management con 
sole, a proxy service and a device 
client. The MRM platform can_ be 
integrated with legacy management 
systems like authentication servers 
(e.g. RADIUS), user directory servers 


(e.g. LDAP) and desktop manage 


ment plattor ms (such as Microsoft's 


Systems Management Server, or 
SMS). Figure | shows a typical MRM 
wehitecture, this one from Credant 
Technologies’ CREDANT Mobile 


Guardian (CMG) system diagram 


MRM Vendors 


As Figure 2 shows, MRM vendors 
consist of heritage desktop manage 
ment (e.g. Novell or Tivoli), remote 
control (e.g. Altiris or XcelleNet) and 


database synchronization (e.g 


Synchrologic or Sybase) solution 
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Figure 1. Typical MRM architecture - Credant's CMG solution 
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Source: MobileTrax 


providers—collectively known as 
“mobile device management” vendors 

in addition to mobile device securi 
ty vendors, such as Wavelink and 
Senforce Technologies 

Most MRM vendors have extend 
ed their heritage product features to 
provide end-to-end MRM solutions 
including security features. These 
extended MRM features are added to 
vendors’ product suites through 
internal research and development, 
cross vendor licensing and merger 
and-acquisition strategies. For exam 


ple, Novell, a heritage desktop man 


Sync at Home 
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Internet 


Firewall 


CMG Enterprise Server 


Existing LDAP Solution 
[aps ][ evic |{ gue J] erc.. 
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CMG Components 
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agement vendor, acquired Callisto, a 
heritage remote control vendor, to 
extend Novell’s ZENworks product 


functionality 


Systems Management 

Systems management functions 
allow IT support staff to deploy, man 
age and troubleshoot mobile and 
wireless systems Key systems man 
agement functions include asset man 
agement, operating systems migra 
tion and license management 

e@ Asset management. Asset 


management functions enable the 
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monitoring, trac king and report Ing ol 


and wireless hardware and 


software. The data is stored 


(ODBC) 
| 


such as 


mobile 
in Open 
Database Connectivity 
compliant data sources 
Microsoft SQL Server, for the purpos 
management, software 


es of license 
deployment and TCO management 
@ Operating system migration. 
Operating system migration provides 
a pre-migration assessment of the 
user’s software and hardware land 
scape, including a snapshot of the 
computer personality setting. Post 
migration status reporting and secu 
rity patching are also used after the 


installation is complete and the pet 


Figure2._ MRM Vendors 
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sonality settings are restor Most 


tions 


current operating syste1 
involve upgrades of Windows 9X/NT 


to Windows 2000/XP 


@ License management. License 


management functions 
auditing of user device 
the status of their s¢ 
Sottware usage intort 
determine th 
ipplications, as well 
and unused softw 


\ 


tracts can be ma 


soltwat 


litionally 
notification policies 
licensing amounts have | 


ed, as often happens 


Software Management 


Soitware management fur 


IT support staff to prov 


‘ie et 
troubleshooting 


mobile and 


wireless operating soit 


ind mission critical applic 


ware 


tions software man 


Key 


functions include software instal 


suration and 


tion and updates, config 


troubleshooting 


@ Installation and updates 
Software installation and updates can 
be planned based on asset mat 


ment information and user profiles 


Queries can be used to group mobile 


ind wireless devices that contain 
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Aether Systems 

AirPrism 

Altiris 

Bluefire Security Technologies 
Credant Technologies 
Extended Systems 

IBM Tivoli 

ManageSoft 

Marimba 

Mobile Automation 
Novadigm 

Novell 

ON Technology 

Pumateck 

Rapport Technologies 
Senforce Technologies 
Sybase 

Synchrologic 

Targus 

Vaultus 
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XcelleNet 


Source: MobileTrax 
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newly installed software or require 


software upgrades, and automatic 


installations can be scheduled. For 


example, Rapport Technologies’ 
Rapport 4.0 can update the client 
down to the BIOS level — a new level 
of update capability 

@ Configuration. Devices can be 
contigured to ensure a standardized 
and authorized deployment of soft 
ware and to eliminate employee 
installed applications and related 
rogue applications. Device buttons, 


menus and power settings can also be 


configured 

@e Troubleshooting. 
Troubleshooting functions include 
the monitoring of installed software, 
the detection of missing or corrupted 
files and the distribution of software 
patches and replacement of missing 
files—all completed in the back 


ground of a communication session 


Data Management 


Data management functions allow 


IT support staff to ensure reliable 
data transmission across various data 
networks, such as wired and wireless 
LANs and WANs and the Internet 
Key data management functions 
include database synchronization, 
bandwidth management, data com 
pression, checkpoint restart and 
byte-level differencing. 

@ Database synchronization. 
This allows for wired and wireless 
synchronization of mission-critical 
data and applications, such as PIMs 
and email, and includes backup-and 
restore functionality 

@ Bandwidth management. 


Bandwidth management functionali 
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ty enables background diagnostic 
analyses, software upgrades and file 
transfer by allocating limits to the 
amount of bandwidth used during a 
communication session 

@ Data compression. This is 
automatically implemented based on 
the bandwidth limitations of the 


wired or wireless connection 


As a significant 
number of vertical 
and horizontal enterprise 
workers travel and work 
in mobile environments, 
IT support staff will 
have to provide them 
with seamless, secure 
mission-critical data 
and applications. 


e Checkpoint restart 
Checkpoint restart enables inter 
rupted data transmissions to resume 
at the point of interruption when a 
wireless connection is lost 

@ Byte-level differencing. This 
differencing enables changes and 
updates only (as opposed to entire 
files) to be transmitted during file 


distribution 


Security Management 
Security management functions 


allow IT support staff to implement 


data, user, device and network securi 
ty based on mobile and wireless secu 
rity policies. Wherever possible, the 
security policies should be integrated 
with wired security policies and 
should be designed to adapt to chang 
ing environments. Security manage 
ment functions include data encryp 
tion, user authentication, location 
aware Management, theft protection 
and other popular desktop PC securi 
ty solutions 

@ Data encryption. Mission 
critical data is protected during 
transmission using HTTP and Secure 
Socket Layer (SSL)-based encryption 
methods. The Advanced Encryption 
Scheme (AES), a U.S. government 
approved data encryption algorithm 
(up to 256-bit key security), will soon 
replace other limited encryption algo 
rithms such as the RC4 stream cipher 
in wireless LAN systems 

@ User authentication. User 
information stored on directory 
servers, such as Microsoft Active 
Directory, can be used to grant users 
access to mission-critical applica 
tions and data 

@ Location-aware manage 
ment. Device security solutions 
should be location-aware and auto 
matically open and close the device's 
adapter ports, based on the changing 
environment, the user's service pref 
erences and the security policies 

@ Theft protection. Biometric 
access (e.g. fingerprint reader), 
motion sensors and power-on pass 
words protect idle and unattended 
devices from potential theft 

@ Desktop PC security solu- 


tions. Popular desktop PC security 
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solutions, such as virtual private net 
works (VPNs), personal firewalls and 
anti-virus software applications, can 
be implemented by IT organizations 


to protect the mission-critical data 


ind applications on mobile comput 


ing dev Ices 


Centralized Administration 

The centralized administration of 
today’s MRM solutions can help IT 
support staff efficiently and effective 
ly control the management of mobile 
resources. Centralized administra 
tion functions include console man 
agement, remote control and legacy 
platform integration 

@ Console management. A man 
agement console allows IT support 
staff to deploy, manage and update 
systems, software and data from a 
Web-based interface 

@ Remote control. Remote-con 
trol software enables IT support staf 
to view, operate, diagnose, configure 
and maintain mobile and wireless 
devices over the Internet or a wireless 
network using a centralized console 
und without user intervention. The 
function has traditionally been used 
to control remote machines, such as 
point-of-sale terminals, kiosks and 
utility meters 

@ Legacy platform integration. 
MRM solutions should always be 
integrated with desktop management 
platforms in order to ensure the cen 
tralized and consistent policy-based 
management of both fixed and 
mobile enterprise resources. Legacy 
platforms include management 
servers (some examples — include 


Microsoft's SMS and Hewlett 
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Packard Co.'s OpenView Service 
Desk) in addition to directory servers 
such as LDAP and Microsoft's Active 


Directory 


Conclusion 


\s a significant number of vertical 
and horizontal enterprise workers 
travel and work in mobile environ 
ments, IT support staff will have to 
provide them with seamless, reliable 
and secure mission-critical applica 
tions and data. Moreover, IT organi 
zations will be faced with the chal 
lenge of supporting a proliferation of 


mobile and wireless devices, remote 


terminals and nearly endless related 
operating software 

The rapidly expanding universe of 
MRM solutions, which include sys 
tems management, software manage 
ment, data management, security 
management and centralized admin 
istration features, will greatly help 
enterprise IT organizations efficient 
ly procure, deploy, configure, monitor, 
upgrade and secure mission-critical 
mobile resources. The MRM _ solu 
tions will efficiently manage and 
secure mobile resources, resulting in 
an increase in mobile worker produc 


tivity and a decrease in TCO.% 


About MobileTrax 


MobileTrax LLC is a Cupertino, Calif.-based professional services 
firm that focuses on the mobile computing and wireless data com- 
munications markets. MobileTrax provides market research and 
consulting services regarding the enterprise and consumer mar- 
kets. The MobileTrax Enterprise IT Service provides vendor-spon- 
sored monthly in-depth reports regarding important mobile and 
wireless topics, including “What IT Needs to Know,” which gives IT 
groups specific recommendations on what they must know to suc- 
ceed in mobile and wireless deployments. 

MobileTrax publishes two free industry newsletters. “Inside 
Mobile” provides editorial analysis and insights regarding impor- 
tant topics in mobile and wireless and is published on the first and 
third Mondays of the month. “Mobile Letter” covers insights 
regarding new products and services and is published on the sec- 
ond and fourth Mondays of the month. For more information, visit 
www.mobiletrax.com or call (650) 248-9366. 

MobileTrax is headed by J. Gerry Purdy, Ph.D., a globally recog- 
nized authority on mobile computing and wireless data communi- 
cations. Dr. Purdy is also a General Partner at Diamondhead 
Ventures, an early-stage venture capital firm. 
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MRM: An IT Support 
Staff Perspective 


any enterprise IT support staffs aren't pre 


pared to enforce mobile and wireless secu 


rity policies; efficiently provide seamless 


access to mission-critical applications and data; and 


support the proliferation of mobile and wireless de 


vices. MRM solutions address the mobile and wireless 


“ 


pains” of enterprise IT support staffs, as demonstrated 


by the following deployments. 


$.H. Leggitt: Centralizing the 
Management of Handhelds 

The increased use of handheld de 
vices by the mobile workforce pres 
ents various challenges to IT support 
staffs. They must manage their mobile 
and wireless inventories and deploy, 
upgrade and maintain the mission 
critical applications and content 
from a central management console 

S.H. Leggitt is an industrial prod 
ucts manufacturer. The company is 
headquartered in San Marcos, Texas, 
and provides IP gas regulators, hose 
assemblies, custom brass fittings and 
plumbing components for the LP gas, 
RV and plumbing markets. Naturally, 
the company employs a significant 
number of consultants and sales rep 
resentatives, many of whom use 
handheld devices 

S.H. Leggitt needed an MRM solu 


tion that could centralize and re 


motely manage its handheld device 
usage, licensing and memory status 
as well as upgrade and distribute its 
mission-critical documents and con 

tent to the mobile workforce. After 
evaluating several solutions, the com 

pany selected Novell's ZENworks for 
Handhelds solution to address its 
mobile and wireless “pains.” 

Novell ZENworks for Handhelds 
provides automated management of 
handheld devices to increase mobile 
workforce productivity and to re 
duce TCO. ZENworks for Handhelds 


provided the S.H. Leggitt IT support 


eee 
staff with the following benefit: 

@ Remote management and secu 
rity of the handheld devices through 
a central management console 

@ Systems management, including 
inventory tracking; software license 
auditing and upgrades; and system 


memory monitoring and upgrades 


@ Software management, includ 
ing the configuration of standardized 
buttons, menus and settings on the 
mobile devices and the remote deliv 


ery of PDF formatted content 


INTEGRIS Health: Managing the 
Security of PHI 


Medical staffs use PDAs to re 
trieve, store and update protected 
health information (PHI). If the 
handhelds aren't properly managed 
and secured, the PHI stored on them 
may be carelessly exposed or lost 

The Health Insurance Portability 
and Accountability Act (HIPAA), 
which was enacted to enforce the 
privacy and security protection of 
consumers’ electronically transmit 
ted medical information, will impact 
many healthcare service providers 
and their ability to competitively 
provide managed and secured mobile 
and wireless services 

INTEGRIS Health is a healthcare 
management operation. The compa 
ny is based in Oklahoma City and op 
erates various medical facilities 
throughout the state 

INTEGRIS Health needed an 
MRM solution that would enable it 
to enforce its wireless security poli 
cies, support various handheld de 
vices and comply with HIPAA. The 
company selected Credant Technolo 
gies’ CREDANT Mobile Guardian 


solution to address its mobile and 
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wireless “pains.” 
CREDANT Mobile Guardian 
(CMG) addresses security issues 
with centrally managed policy ad 
ministration and on-device user au 
thentication and policy enforcement 
CMG prov ided INTEGRIS IT sup 
port staff the following benefits 
@ User- and role-based mobile and 
wireless security policy enforcement 
@ User authentication (e.g. PINs 
or passwords), including self-service 
reset options and the encryption of 
data residing on corporate databases, 
and removable CompactFlash cards 
@ Automated installation and up- 
date of software during synchroniza- their heritage features (e.g. 
tion and the purging of PHI from lost; ste abltytoprvie a end t-<nd MRM 
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MRM: A Mobile 
Worker Perspective 


obile sales and service workers need real 


time access to enterprise networks and 


databases to provide just-in-time sales 


and services based on customers’ personal attributes 


and histories. They also need reliable and transparent 


troubleshooting and maintenance support. MRM so 


lutions address the mobile and wireless “pains” of mo 


bile workforces. 


Tulsa Dental: Enabling Personalized 
Mobile Product Sales 

Mobile sales workforces use mo 
bile and wireless devices to provide 
product sales and related value-added 
services. These road warriors need re 
liable and frequently updated client 
information that can be accessed at 
regular intervals and customized to 
drive incremental and repeat sales 

Tulsa Dental, a division of 
DENTSPLY International, is a med 
ical equipment supplier. The compa 
ny is headquartered in Tulsa, Okla., 
and provides endodontic products to 
dentists. Its field sales representa 
tives sell directly to dentists. Their 
broad line of offerings includes edu 
cational course enrollment, product 
literature, dental supplies and equip 
ment for dentists’ offices 


Tulsa Dental needed an MRM so 


' 


lution that would enable its mobile 
workforce to efficiently gather sales 
orders from the field; periodically 
synchronize the content with the en 


terprise database back at headquar 


Tulsa Dental needed an 
MRM solution that would 
enable its mobile work- 
force to gather sales 
orders from the field, 
synchronize with the 
enterprise database and 
receive updated client 
information. 


ters; and receive updated product, 
service and client information. The 
company selected Synchrologic’s 
Mobile Suite solution to address its 
mobile and wireless “pains.” 

Synchrologic Mobile Suite helps 
companies lower the total cost of 
ownership of mobile devices while si 
multaneously providing controlled 
access to the mission-critical infor 
mation needed by workers to stay 
productive in mobile environments 
Synchrologic Mobile Suite provided 
the Tulsa Dental mobile workforce 
with the following benefits 

@ Periodic or immediate transmis 
sion and retrieval of mission-critical 
customer information through syn 
chronization functions. 

@ Current customer information, 
including sales histories and product 
and literature orders. 

@ Value-added service capabili 
ties, such as educational course en 
rollment and mobile credit card 
billing 


Federated Insurance: Providing 
Real-Time Mobile Customer Service 
Mobile service workforces require 
updated product or service informa 
tion in order to provide the superior 
customer service required by enter 
prises seeking to compete in the chal 
lenging economy that has held sway 
for the past three years. Therefore, 
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these mobile professionals need to re 
trieve updated service policies, docu 
mentation and forms in real-time if 
they are to respond as quickly and ac 
curately as possible to their cus 
tomers’ questions, concerns and 
needs while in mobile environments. 

Federated Insurance is a mutual 
property and casualty insurance 
provider. The company is headquar 
tered in Owatonna, Minn., and spe 
cializes in business insurance for a 
wide variety of vertical markets. All 
told, the company employs more than 
200 field marketing and_ service 
staffers, who provide in-person poli 
cy sales, loss prevention education 
and claims resolution. 

Federated Insurance needed an 
MRM solution that would enable its 
mobile workforce to efficiently ac 
cess the corporate intranet and 
download updated policies, forms, 
contracts and ot ission- critical 
content. After evaluating a broad 


cross-section of potential solutions, 


What Mobile Wo 


Mobile workers must be able 
to access mission-critical appli 
cations, content and data to 
maintain their sales productivity 
and to ensure superior customer 
sales and service. Key MRM 
strategies mobile workers need 
to know are: 

@ Access mission-critical ap 
plication, content and data with 
a Web-based interface that is in 


ated with and similar to their 


the company selected XcelleNet’s 
Afaria solution to address its mobile 
and wireless “pains.” 

XcelleNet Afaria provides mobile 
and wireless systems and software 
management functions that bring not 
only greater efficiency, but also in 
creased productivity and significant 
ly improved user satisfaction. Afaria 
provided the Federated Insurance 
mobile workforce benefits that in 
cluded the following: 

e Rapid access to mission-critical 

yxcuments and applications using the 
same Web-based intranet interface 
that’s used by desktop PC users. 

@ Automated, seamless and effi 
cient updates of mission-critical doc 
uments and software applications us 
ing such tools as byte-level differenc 
ing and checkpoint-restart functions. 

@ Automated Web-based trou 
bleshooting, including the back 
ground reporting, repair and replace 
ment of any files that are corrupted 


or missing 


ers Need to Know 


desktop management infrastruc 
ture and interfaces 

@ Retrieve only the updates or 

inges in mission-critical docu 
ments or content through effi 
cient data management func 
tions, such as checkpoint-restart 
and byte level differencing. 

@ Troubleshoot and repair mo 
bile device systems transparently 
through background monitoring 


and maintenance functions 
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Real-time monitoring can also be a 
boon in fraud detection. An online 
music retailer was able to watch for 
instances of fictitious credit card gen- 
eration via overseas IP addresses. The 
software foiled an attempt to ping the 
server with randomized credit card 
numbers by checking failed entries 
within a three-hour time period. 

Yet another use for this technology 
is monitoring low-volume, high-dollar 
business-to-business transactions to 
ensure that customers are always get- 
ting the information they want. A 
manufacturer of drill presses is using 
it to keep watch on inventory, delivery 
dates and suborders for components. 

Traditional monitoring software, 
akin to a closed-circuit TV camera, is 
still necessary, but it’s no replacement 
for having a live guard keeping watch. 
And more important, one who takes 
notes you can act upon. DB 


DAVID MOSCHELLA 


IT Mature? 
Think Again 


AS THE IT industry 

lost faith in itself? In 

April, Larry Ellison 
told The Wall Street Journal 


that the computer industry “is 
as large as it’s going to be.” Google’s 
Eric Schmidt and others are making 
comparisons to historical market bub- 
bles involving canals and railroads, 
which were followed by relatively 
humdrum periods. Perhaps most ag- 
gressively, in a controversial Harvard 
Business Review article, editor at large 
Nicholas G. Carr argues that IT does- 
n’t even matter anymore, and that it’s 
rapidly losing its ability to deliver 
competitive and strategic advantage. 

This type of pessimism has emerged 
during every prolonged IT market 
downturn. For example, in the late 
1980s, when the U.S. economy seemed 
to have lost its edge, IT got much of 
the blame. I remember meeting with 
senior executives at IBM, who were 
pondering a study from a large man- 
agement consulting firm that had con- 
cluded that IT really wasn’t such a 
great business to be in and that IBM 
should prepare itself for a low-growth 
and low-profit future. 

But it’s been more than three years 
since the collapse of the Internet bub- 
ble, and it’s time for all of us to put 
our hair shirts back in the closet. A 
practical first step would be to stop 








referring to the IT industry 
as “mature,” which Web- 
ster’s defines as “having 
completed natural growth 
and development.” Does 
anyone really believe that 
these words apply to our 
business? 

The most obvious flaw in 
this surprisingly widespread 
idea is its total lack of global 
perspective. The U.S., with 
5% of the world’s popula- 
tion, accounts for some 40% 
of the global IT business. 
How could anyone use the 
word mature to describe the state of 
IT usage in India, China, Russia, Brazil 
and many other countries? Indeed, if 
someday the rest of the world invests 
in IT at even half the current per capi- 
ta rate in the U.S., the global IT indus- 
try would more than triple. 

I'll give pessimists the benefit of the 
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doubt that when they de- 
scribe the IT industry as 
mature, they are really just 
talking about the U.S. and 
perhaps a handful of other 
developed nations. But 
even here, their arguments 
can’t withstand much 
scrutiny. Consider the con- 
sumer market, where radi- 
cal changes can be expect- 
ed once high-bandwidth 
Internet, 3G-style wireless 


and home network systems | 


are widely in place. 

Even in business, maturi- 
ty is the wrong word. Industry re- 
searchers say IT spending now ac- 
counts for 7% to 9% of the U.S. econo- 
my. But as more business is digitized 
and more tasks go online, is it really so 
hard to imagine that in seven to 10 
years, IT-based activities could com- 


| prise, say, 15% to 20% of overall eco- 


aA as 





nomic activity? Such a shift would al- 
low today’s U.S. IT business to more 
than double. And mature industries 
don’t double every seven to 10 years. 
The reality is that IT isn’t just a sep- 
arate economic sector like manufac- 
turing, retail or insurance; it’s an in- 
creasingly essential part of nearly 
every industry. It also remains the sin- 
gle largest source of business innova- 
tion and competitive advantage. IBM’s 
Sam Palmisano got it right recently 
when he said IT spending can consis- 
tently grow from roughly 1.8 to 2.3 
times the rate of the overall economy. 
Over time, this will result in a vast 
new IT landscape, which will make to- 
day’s “mature” industry look primitive 


by comparison. DB 
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More columnists and links to archives of previous 
columns are on our Web site 
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More Than Techies 


S A SENIOR IT executive (CIO), 

lam constantly amazed at the 
cry for “business-savvy IT execu- 
tives” [QuickLink 38152]. That's be- 
cause my experience has been that 
when IT managers attempt to exer- 
cise business savvy, they are polite- 
ly but firmly informed by word or 
deed that they are just “technical 
people.” It is an empty cry offered 
by people of little insight and less 
business acumen. 
James D. Wells Jr. 
Norwich, Conn. 


Fair Trade 


HE ARTICLE “Group Touts Ver- 

mont as Outsourcing Alterna- 
tive” [QuickLink 38198] and the re- 
lated box on New Jersey illustrate 
the self-obsession with which 
American businesses and legisla- 
tors view international trade in gen- 
eral and the North American Free 
Trade Agreement in particular. 

The balance of payments in IT 
hardware and software between 
the U.S. and Canada is overwhelm- 
ingly in favor of the U.S. Trade be- 
tween the two countries in the area 
of IT services is dramatically small- 
er, and the balance of payments 
between the parties is somewhat 
more equitable. 

Why must Canadians suffer 
punitive U.S. attitudes, business 
practices and legislation whenever 


| believe. IT singing its own praises is 


| Dallas 





a small part of the cash flows the 
other way? Must you have all of 
your money and most of ours too? 
T. Reynolds 


Ottawa 


Regaining Luster 
HOMAS HOFFMAN and Gary H. 
Anthes are right on with their 

“Tarnished Image” piece [Quick- 

Link 38043]. IT has a big credibility 

problem in most enterprises. Com- 

bine that with offshoring and a 

weak economy, and the IT jobs re- 

covery may be further off than most 


definitely part of the solution, but so 
is using IT to create value for the 
enterprise and speaking the busi- 
ness side's language to communi- 
cate that value. Somewhere along 
the line, many so-called IT profes- 
sionals appear to have forgotten 
that it’s all about managing technol- 
ogy for the good of the enterprise. 
Leon Kappelman 

Director, IS Research Center, 
University of North Texas, 


T WOULD BE interesting to see 
whether or not companies that 
have IT departments with tarnished 

reputations have an active project 
management process in place and 
a project management office that is 
backed by senior management. Too 
many times, I've seen project man- 


| Don’t Forget MOM 





agers bullied into fixed budgets and | 


timelines by senior managers. This 
inevitably leads to projects that 
aren't delivered on time or within 
budget. 

Scott Burgett 


Project manager, Atlanta 


AM RATHER DISAPPOINTED by 

your article on event-driven archi- 
tecture (and Gartner's take on it, 
but that was nothing new). The arti- 
cle [“Event-driven Architecture 





Poised for Wide Adoption,” Quick- 
Link 38332] gives the impression 
that event-driven architecture is 
something new and that middle- 
ware packages are just about to 
start to support it in earnest. On the 
contrary, sophisticated event bro- 
kering has been a feature of mes- 
sage-oriented middleware like BEA 
Tuxedo or NCR (now also BEA) 
TopEnd for decades. 

Dragi Raos 

Managing partner, Pardus, 
Zagreb, Croatia 


Vendors Should Assess Themselves First 


S$ | READ Patrick Thibodeau’s 

interview with Juergen Rottler, 
a vice president in HP's services di- 
vision [QuickLink 38328], | couldn't | 
help but smile at the headline, “Step 
1: Hire a Consultant, HP Exec Says,” 
which echoed Rottler's advice 
about the first step to take in adopt- 
ing the on-demand model. | think 
Rottler is more likely saying, “Hire 
an HP consultant. For $25,000, HP 
will study your situation in orderto | 
better help HP tell you how HP can 
help you - for more money.” In my 
years as a CIO, | was always suspi- 
cious of this pattern. | think a more 
appealing approach (at least in the 
eyes of the targeted ClOs) would be 
for HP to invest its own time and re- 
sources to make that assessment. 
Why should the customer pay to 
help a vendor make its sales pitch? 
If HP truly feels it can differentiate 





itself based on the strength of its 
“intellectual property and method- 
ologies,” it should likewise see that 
this assessment process is an in- 
vestment worth making. 

Bruce Barnes 

President, Bold Vision LLC, 
Dublin, Ohio 


COMPUTERWORLD welcomes 
comments from its readers. Letters 
will be edited for brevity and clarity. 


| They should be addressed to Jamie 


Eckle, letters editor, Computerworld, 
PO Box 9171, 500 Old Connecticut 
Path, Framingham, Mass. 01701. 
Fax: (508) 879-4843. 

E-mail: letters@computerworld.com. 
Include an address and phone num- 
ber for immediate verification. 


For more letters on these and 
other topics, go to 
www.computerworld.com/letters 
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ROBUST OBJECT DATABASE 


database. 


This is the next wave. 


For your next generation of applications, 
move to the next generation of database technology: 
Caché, the post-relational database. 

What makes Caché “post-relational”? It provides 
developers three integrated data access options which 
can be used simultaneously on the same data: an 
advanced object database, high-performance SQL, 
and rich multidimensional access. 

Because Caché’s architecture is a multi- 
dimensional structure, applications built on it are 
massively scalable and lightning-fast. 

Plus, no mapping is required between object, 
relational, and multidimensional views of data. 

This means huge savings in both development and 
processing time. And, Caché-based applications 
don’t require frequent database administration or 
hardware and middleware upgrades. 


More than just a database system, Caché 
incorporates a powerful Web application develop- 
ment environment that dramatically reduces the 
time to build and modify applications. 

The reliability of Caché is proven every day in 
“life-or-death” applications at hundreds of the largest 
hospitals. Caché is so reliable, it’s the world’s leading 
database in healthcare — and it powers enterprise 
applications in financial services, government and 
many other sectors. 

We are InterSystems, a specialist in database 
technology for 25 years. We provide 24x7 support 
to four million users in 
88 countries. Caché is 
available for Windows, 
OpenVMS, Linux and 
major UNIX platforms. 


InterSystems » 


Ee. CACHE 


Make Applications Faster 


Download a fully-functional version of Caché or request it on CD for free at www.InterSystems.com/post-relational 


© 2003 InterSystems Corporation. All rights reserved. InterSystems Caché is a registered trademark of InterSystems Corporation. 
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FUTURE WATCH 

Captchas Eat Spam 
Programs that distinguish be- 
tween humans and machines 
could help block spam and con- 
tribute to advances in areas such 
as artificial intelligence. Page 32 


Q&A 

tining Technology 

Up With Business 

Siki Giunta, the CEO of Managed Ob- 
jects, talks about her company’s focus 
on making IT more accountable for 
the success of the business. Page 30 


TOM RAYMOND 
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SECURITY MANAGER’S JOURNAL 


Securi 
Access Token 


Sweep Reveals 
iolations 


Vince Tuesday’s after-hours survey of physi- 
cal security uncovers an array of policy vio- 
lations, including an unguarded access token 
with the passnumber written on it. Page 33 





Here’s how two early adopters 
are using Web services for 
internal integration projects. 


By Carol Sliwa 


T'S NOT HARD TO FIND companies 

that have dipped their toes into 

the water to explore how Web 

services might help address some 

of their nagging integration prob- 

lems. But few have launched ma- 
jor initiatives of the scope at Eastman 
Chemical Co. and Merrill Lynch & Co. 

One of the distinguishing character- 

istics that separates these early adopt- 
ers from the mere dabblers is the sys- 
tematic approach they take to building 
the sort of service-oriented develop- 
ment architecture that experts say 
they'll need to realize the full benefits 
of Web services. Some of the biggest 
challenges they’ve faced so far have 
been finding the right tools and estab- 
lishing best practices without a well- 
established road map. 


Eastman Chemical 
EASTMAN CHEMICAL, a Kingsport, 
Tenn.-based maker of chemicals, fibers 
and plastics, is plotting the rollout of a 
service-oriented architecture across 
key legacy systems to give users more 
visibility and control over their busi- 
ness processes. 

To do that, the IT department is tak- 
ing stock of all of the company’s appli- 
cation servers (which run on AIX, 


JOBS 


Windows 2000 and Windows NT), as- 
sessing what the applications do, strip- 
ping off the user interfaces and expos- 
ing the application functions as ser- 

| vices, says Carroll Pleasant, an associ- 
ate analyst in Eastman’s emerging digi- 
tal technologies group. 

“Once we're done, the [users] should 
be the ones deciding what the business 
processes will be, rather than having 
the applications determine the busi- 
ness process for them,” he says. 

Like a number of other companies, 
Eastman got started with Web services 
by focusing on a key project that 
would help its IT department learn 
about the new technology. Developers 

| created a simple read-only Web ser- 
vice to give customers access to tech- 
nical data in its product catalog. 

The product catalog Web service, 
which went live about a year ago, elim- 
inated the need for customers to 
screen-scrape data from Eastman’s site 
or to download a monolithic catalog to 
spreadsheets. Customers instead can 
now go to the Web site and make a re- 
quest that causes the system to send 
an XML-based message using SOAP 
over HTTP to Eastman’s Saqqara Sys- 
tems Inc. database. The latter then 
does the data retrieval and sends back 
the information via XML and SOAP. 

With one successful project under 
its belt, Eastman’s next big step was 
tackling an internal Web service it 

| calls a management score card. The 
service lets the company’s top 150 ex- 

| ecutives access financial, manufactur- 

ing and other data from several dis- 

| parate internal and external systems 

| for competitive analysis purposes. 

| Developers used Visual Basic 6.0 

| and Microsoft’s SOAP tool kit to build 
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: Anybody who gets into this deeply 
will find very quickly that they need 

Jaa =a tool set for managing services. It’s as 

7 fundamental as running your data center 


monitoring tools. 
CARROLL PLEASANT, ASSOCIATE ANALYST, EMERGING DIGITAL TECHNOLOGIES GROUP 
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the interfaces to its data warehouse 
and other back-end systems. Pleasant 
notes that, in hindsight, the newer and 
more reliable Visual Studio .Net tool 
kit — which Eastman developers now 
use — would have been a better 
choice, since it generates more of the 
low-level plumbing code. But the team 
lacked experience with it at the time. 

To tie together the data, Eastman de- 
velopers turned to Java-based server 
software from New York-based Drop- 
lets Inc. to deliver a client with a rich 
graphical user interface that “deploys 
like a Web application,” Pleasant says. 
“The user just clicks on a shortcut and 
points to the application running on 
the server,” he says. 

Not everything went so smoothly. 
Long before the management score 
card went live last December, Eastman 
realized it would have to figure out 
how to manage its growing collection 
of services so that programmers 
wouldn’t have to do checks to make 
sure all the services are running. 

“Anybody who gets into this deeply 
will find very quickly that they need a 
tool set for managing services,” says 
Pleasant. “It’s as fundamental as run- 
ning your data center monitoring 
tools.” 

Eastman experimented with tools 
from NextAxiom Technology Inc. in 
Pleasanton, Calif., and webMethods 
Inc. in Fairfax, Va., to create a Web ser- 
vices management “engine” that’s 
more than a mere registry for the pub- 
lication of services that applications 
can consume. The engine also needs to 
manage the security model, the or- 
chestration between Web services, de- 
bugging and monitoring of the ser- 
vices, fail-over capabilities, caching 
and data transformation, Pleasant says. 

When Pleasant surveyed the product 
landscape, he found a variety of confus- 
ing choices from small start-ups. 
“There’s no consensus yet as to exactly 
what a Web service management tool 
should do or what services should re- 
side there vs. the application server,” he 
says. “It’s very tough, because you can’t 
just do an apples-to-apples comparison 
between these guys. Each one repre- 





sents some fundamentally different ap- 
proach as to how you're going to build 
the service-oriented architecture.” 

Another decision Eastman faced was 
how to “chunk” its data and whether to 
make “little calls to services or one big 
one” to compensate for the perfor- 
mance hits that result when data is 
transformed into and out of XML, 
Pleasant says. 

To boost performance, Eastman had 
to learn the fine points of caching data 
so that multiple requests for the same 
information don’t trigger individual 
calls to the database every time. 

The company has done most of its 


| work without help of high-priced con- 


sultants, although NextAxiom and oth- 
er vendors have assisted with East- 
man’s near-term focus to create com- 
posite applications that tie together 
low-level services from existing legacy 
“application silos” and present the data 
in a view that aligns with the user’s 
business processes. Microsoft’s sup- 
port for Web services and XML will 
also be helpful going forward, since 
Eastman is a heavy Microsoft user. 

But one of the continuing challenges 
Eastman faces is the dearth of role 
models, since few have done what it’s 
attempting to do. 

“It’s going to take a long, long time 


| for everything to switch over to Web 


services and a service-oriented archi- 
tecture,” Pleasant says. “We see the 
movement going on with almost all of 
our vendors. We’re confident they’re 
going this route. But it takes time to get 
there.” 


Merrill Lynch 


INTEGRATION HEADACHES drove Merrill 
Lynch to turn to Web services about 
one year ago as a cheaper and more ef- 
ficient alternative to the middleware it 
uses to enable its thousands of main- 
frame applications to talk to its middle- 
tier and Web-based front-end systems. 
The challenge confronting the New 
York-based financial services company 
is far more expansive than most com- 
panies will ever encounter. Merrill 
Lynch has 23,000 CICS programs run- 
ning on its mainframes, and it’s very 





difficult to integrate those programs 
with Microsoft’s .Net development 
platform, IBM’s WebSphere or any oth- 
er platforms or tool sets, notes Jim 
Crew, director of the infrastructure 
and data services group. 

Exposing those CICS applications 
with language-agnostic Web services 
interfaces and sending data using in- 
teroperable XML held great appeal. So 
Merrill Lynch created its own tool set, 
called X4ML, to help its mainframe 
programmers build interfaces and run 
Web services without need of XML, 
Java, Visual Basic or Web services 
skills and without having to modify the 
CICS programs. “There’s nothing in 
the marketplace that’s nearly as ad- 
vanced as what we built,” says Crew. 

The tool set, which the firm continu- 
ally fine-tunes, has an analyzer compo- 
nent that looks at a compiled listing of 
a Cobol program, tries to figure out its 
I/O and automatically produces the 
Web Services Description Language 
files that represent the interface and 
all of the runtime metadata, says Crew. 
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programs. For instance, if three pro- 
grams do account inquiries, only one 
Web service is needed to expose that 
function. But Crew says that’s not the 
ultimate objective. “The goal is lower- 
ing the cost of running the business by 
reusing existing resources,” he says. 

Crew estimates that for every dollar 
spent on an application, 90 cents goes 
to plumbing code. “Our goal is to make 
sure that 90 cents on the dollar is 
spent on the application and 10 cents 
on plumbing. Web services is getting 
us closer to that point,” he says. 

Merrill Lynch IT executives often 
point out that the firm cut the cost of 
developing an investment banking ap- 
plication from $800,000 to $30,000 by 
using Web services instead of tradi- 
tional development methods. Crew at- 
tributes the differential to X4ML’s abil- 
ity to eliminate plumbing code. 

Cohen says reusing code should help 
to reduce the turnaround time for new 
projects, which often depended on de- 
veloper knowledge of how to call a 
particular CICS transaction using lega- 


Our goal is to make sure that 90 
cents on the dollar is spent on the ap- 


plication and 10 cents on plumbing. Web 
services is getting us closer to that point. 


JIM CREW, DIRECTOR OF THE INFRASTRUCTURE AND DATA SERVICES GROUP 


X4ML can be accessed either 
through HTTP synchronously or 
through IBM’s MQSeries synchronous- 
ly or asynchronously, says Dave Co- 
hen, a vice president in Merrill Lynch’s 
technology architecture group. “That’s 
important for helping with the goal of 
cost reduction,” he notes. 

Venkat Pillay, a vice president in the 
infrastructure and data services group, 
says his team was apprehensive about 
scalability going through a CICS trans- 
action gateway. But performance test- 
ing showed that TCP/IP and HTTP lis- 
teners in CICS provided the fastest, 
most scalable and efficient way to get 
into CICS, he says. 

To boost performance, Merrill also 
wrote its own XML parser to run in 
CICS, since the off-the-shelf Java- 
based XML parsers were too slow, says 
Mike Card, another vice president in 
infrastructure and data services. 

Card says the old system drove 
about 19 transactions per second, but 
using X4ML and Web services, the fig- 
ure shot to 239 per second. 

Through its work, Merrill Lynch 





hopes to phase out many of its CICS 


cy protocols. Web service interfaces 
and more widely accepted program- 
ming tools will ease the process. 

So far, Merrill Lynch has used X4ML 
in more than 20 applications running 
in production and several more in de- 
velopment. The tool has also been 
used to build Web services interfaces 
to about 350 CICS programs during the 
past year, according to Crew. 

The company has created an X4ML 
directory with capabilities similar to 
the UDDI standard to document its 
Web services, but it plans to migrate to 
UDDI later this year. 

“Once we start using UDDI, we will 
see the benefit of application reusabili- 
ty,” says Pillay. “A lot more people will 
be able to find each other’s services 
and reuse the code.” 

So far, all of Merrill Lynch’s work 
with Web services has been internal. 
Crew says he expects it to stay that 
way for at least the near term because 
of the lack of security standards. But 
internal Web services alone can have a 
significant impact at Merrill Lynch. 

“What a huge productivity tool,” 
says Crew. B 
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Searchable white paper library delivers the in-depth 
information you need to make confident decisions. 


With the growth of the Internet, the volume 
of information available as you try to keep 
pace with technology can be daunting. 
More than ever, you need a reliable source 
for the insight and opinion you need to do 
your job effectively and efficiently. The 
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T’S TOUGH ENOUGH de- 
fending the IT perimeter 
against spyware, viruses, 
worms and unauthorized 
intrusions. But no matter 
how good their defenses 
are, companies still risk 
getting hurt by those they 
trust most: remote work- 
ers. “If anyone wants to 
attack, all they have to do is drop ina 
Trojan [horse] and wait for the person 
to log in,” says Dennis Peasley, informa- 
tion security officer at furniture maker 
Herman Miller Inc. in Zeeland, Mich. 
Personal firewalls help, but stand- 
alone versions don’t always protect the 
corporate LAN adequately. For exam- 
ple, Peasley initially installed Zone- 
Alarm from San Francisco-based Zone 
Labs Inc. on 900 laptops. But the dis- 
tributed personal firewall installations 
were difficult to monitor and maintain. 
Peasley now uses Zone Labs’ newer, 
server-based Integrity software to cen- 
trally manage those remote personal 
firewalls. “With any new system we in- 
stall, the main cost is not the cost of 
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the software, but the cost of managing 
it,” he says. “Centralized management 
cuts those costs.” 

Stand-alone personal firewalls don’t 
work well for corporate LAN access 
because end users have access to the 
software and tend to misconfigure it 
or shut it off entirely, and administra- 
| tors face problems supporting and 
installing updates. Because the update 
process is time-consuming, adminis- 
trators may avoid updates altogether, 
leaving unpatched clients open to new 
vulnerabilities. 

“T’ve seen personal firewall software 
that was individually installed on sev- 
eral large computer systems, and it al- 
ways becomes a mess,” says Kevin 
Beaver, president of Principle Logic 
LLC, an information security consult- 
ing firm in Kennesaw, Ga. “Configura- 
tions and patches were inconsistent, 
and the administrators spent way too 
| much time on the ‘sneaker net,’ going 
around to remedy problems.” 

The best centrally managed person- 
| al firewall systems won't let end users 
| disable the local firewall software or 
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change the settings, says John Pesca- 
tore, an analyst at Gartner Inc. in 
Stamford, Conn. “Users will just say 
yes to everything, so you have to cen- 
trally manage them in a way that is in- 
visible to the client,” he says. 

Some tools also integrate with anti- 
virus and virtual private network 
(VPN) software. Pescatore says two 
of the more advanced products in this 
arena, Integrity and Sygate Secure En- 


terprise, from Sygate Technologies Inc. 


Personal firewall management systems allow 
centralized control and enforcement of security 
settings for remote users. By Drew Robb 
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in Fremont, Calif., include a back- 

end server that can act as a gateway 
through which remote-user access can 
be controlled (see diagram, next page). 

Peasley uses that feature on his In- 
tegrity firewall system. The end user 
connects to the Cisco VPN 3030 con- 
centrator, which directs the user ses- 
sion to the Integrity server to authenti- 
cate the client, checks that the client’s 
antivirus software is up to date and 
provides any necessary updates before 
allowing access to the network. 

Vendors of related security products 
and security suites have jumped in 
with their own centrally managed fire- 
wall offerings. These typically include 
tight integration with sister security 
products. The downside is that they 
may be weaker in terms of manage- 
ment capabilities, integration with ex- 
isting directory structures, reporting 
features and even the level of security 
they offer when compared with dedi- 
cated desktop firewall management 
products. 

Symantec Corp. in Cupertino, Calif. 
and Network Associates Inc. in Santa 
Clara, Calif., have added personal fire- 
walls to their corporate antivirus soft- 
ware, as have VPN vendors such as 
InfoExpress Inc. in Mountain View, 
Calif., and Check Point Software Tech- 
nologies Ltd. in Redwood City, Calif. 
Sticking with one vendor generally 
makes it easier to integrate the security 
products, and in some cases, they can 
| be managed from the same console. 

“If you are committed to using an 
antivirus product, see if they also have 
a firewall product so you don’t have to 
write the code to get the parts to talk 
to each other,” says Robert Hillery, 
principal at security consulting firm 
HawkSI LLC in Hanover, N.H. Having 
a single vendor for both products also 
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Personal Firewall Plays Central Role 


Cae 
Flatt cy 


Personal firewall systems that 
can be centrally managed add an 
extra security layer between the 
VPN or other network access 
points and the corporate LAN. 
The systems can lock down and 
automatically update firewall set- 
tings on remote PCs, enforce poli- 
cies and act as gateways, check- 
ing that user configurations, soft- 
ware updates and virus signa- 
tures are current before allowing 
access to network resources. 


eliminates finger-pointing, he says. 

Most organizations like to stick with 
familiar vendors and leverage what 
they already have. When the city of El 
Paso, Texas, needed to buy 1,000 fire- 
walls as part of its Health Insurance 
Portability and Accountability Act 
compliance program, it chose Network 
Associates’ McAfee Desktop Firewall, 
in part because the city already used 
McAfee VirusScan. 

“We can manage the firewalls 
through the same interface as the an- 
tivirus software,” says Francisco Sepul- 
veda, the city’s information security 
officer. “This makes it easy to operate 
and to deploy updates.” 

Although this ability to remotely de- 
ploy personal firewall policy updates 
is a key feature, not everyone chooses 
to make use of it. For example, a West 
Coast beverage company uses Info- 
Express’ VPN software and recently 
installed that company’s CyberArmor 
personal firewall on 500 new laptops 
before sending them out into the field. 
The company uses InfoExpress’ Cyber- 
Gatekeeper to enforce policies, but it 
uses uses Novell Inc.’s ZENworks to 
deploy and manage them. 

“We roll out policy updates through 
ZENworks, not InfoExpress’ manage- 
ment server, because we didn’t want to 
have multiple products out there up- 
dating different things on the laptops,” 
explains the company’s network engi- 
neer, who declined to be identified. 

Most personal firewall management 
products are fairly easy to use. But ad- 
ministrators need to decide not just 





what policies to enforce on which ma- 
chines, but also how to apply those 
policies in different contexts. For ex- 
ample, the way in which a given user 
connects to the network may vary. 
“People use a docking station when 
in the office, cable or DSL [Digital Sub- 


| scriber Line] at home, wireless hot 


spots on the road, and dial-up when 
nothing else is available,” says Pesca- 
tore. “The firewalls need different 
policies for each of these situations.” 
For this reason, some products sup- 
port multiple sets of location-specific 
policies on a single laptop. Wells’ 
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Dairy Inc., a privately held $700 mil- 
lion dairy processor in Le Mars, Iowa, 
uses that feature with its 400 remote 
users running Sygate’s personal fire- 
wall software. 

“We can have multiple policies per 
user, per machine, per location. These 
fluidly change as the machine moves 
from location to location,” says net- 
work architect Jim Kirby. 

Even companies with a small group 
of remote users will benefit from cen- 
tralized management, Kirby says, since 
administering firewalls on even a small 
number of remote systems is cumber- 


TOOLS CREATE LOGJAM 


Logging and reporting are one area 
where users and analysts say centrally 
managed personal firewalls could use 
improvement. The problem is that the 
sheer volume of entries flooding in from 
hundreds or thousands of personal fire- 
walls can make the data unusabie. 

“A client showed me a 2-inch stack 
of paper and said, ‘This is last week’s 
log,’ ” says Robert Hillery, principal of 
security consulting firm HawkSl. “You 
need to get software that will winnow 
this down to a usable size for human 
consumption.” 

But even that isn’t enough. Obtaining 
a complete picture of the network’s se- 
curity status requires correlating the 
desktop firewall log data with that pro- 
vided by intrusion-detection systems 
(IDS) and other security and network 
elements. Many network systems man- 





agement packages include these fea- 
tures. In addition, less costly stand- 
alone products such as Erftstadt Ger- 
many-based Adiscon GmbH’s Event- 
Reporter, Vancouver, Wash.-based TNT 
Software’s ELM Log Manager and San- 
ford, Maine-based Somix Technologies 
Inc.’s Logalot consolidate logs into a 
single view. The administrator can then 


| set management policies that make 


sense of the data. 

For example, an administrator might 
configure the software to archive the 
log entries for the thousands of daily 
port scans it detects but issue alerts for 
unexpected types of attacks. The ad- 
ministrator can then view all personal 
firewall log data and receive alerts from 
the IDS, gateway firewalls or other se- 
curity systems using one console. 

- Drew Robb 
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some. “If you have more than 10 lap- 


| tops, you need a central control con- 


sole. You will kill yourself trying to do 
it any other way,” he says. 
Another factor to consider is how 


} much access to the firewall software to 


grant to users. The general rule is not 


| to allow users any access, but there are 


exceptions. Kirby sets up his so that 


| users can’t even tell that the software 
| is running; laptops at Herman Miller 
| have a status icon for diagnostic pur- 
| poses. But in both cases, users still 


can’t shut off the software or change 
any settings. 

By contrast, El Paso’s users have 
the option to turn off the firewall. 
“We allow users to shut it down if 

they are not connected to the net- 
work, since some people use it 

on their personal computers at home,” 

Sepulveda explains. But they can’t log 

back onto the VPN without restarting 


the firewall. 


| The Next Generation 


| Vendors and analysts say the next 
| generation of products will offer even 
| tighter integration between firewalls 


and antivirus software so that admini- 


| strators have to touch the desktop 

| only once. Kirby says he'd like to see 
| greater integration between firewalls 
| and other products as well. 


For example, Sygate offers simple 
check boxes to allow access to Win- 
dows networking and file sharing in- 


| stead of having to configure multiple 
| policies or rule sets. But it doesn’t of- 
| fer such a setup option for his Cisco 


VPN hardware. Similarly, the Cisco 


| Systems Inc. hardware has a pull-down 


menu to activate support for firewalls 
from Atlanta-based Internet Security 


| Systems Inc. and ZoneAlarm, but not 
| for his Sygate system. 


Gartner’s Pescatore expects to see 
greater application awareness. Al- 
though many firewalls can block unau- 
thorized applications from running, 


| they don’t block that application from 
| doing things it shouldn't. 


For example, although a firewall 
may let Outlook run on a laptop, it 


| should block an application from 


e-mailing copies of itself to everyone 


| in the user’s Outlook directory. Pesca- 
| tore doesn’t expect to see that feature 
| until 2005, but he doesn’t advise wait- 


ing for it. 

“Every laptop needs a personal fire- 
wall,” he says. “It is not a luxury you 
can afford to do without.” D 





Robb is a freelance writer in Los Angeles. 
You can reach him at robbeditorial@ 
sbcglobal.net 
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Managed Objects Inc. 

CEO Siki Giunta says her 

McLean, Va.-based com- 

pany is looking to “set a 
table” at which senior IT managers have 
a place alongside other corporate deci- 
sion-makers. Giunta claims that with 
business service management (BSM) 
software and methods, CEOs and CFOs 
have a way to accurately align their IT 
systems with their business needs. Ac- 
cording to Giunta, BSM allows IT man- 
agers to assess which pieces of technolo- 
gy are most critical to any given busi- 
ness process, and to monitor them ac- 
cordingly. 

Giunta spoke to Computerworld 
technology editor Tommy Peterson 
about why she thinks BSM is not just an- 
other fleeting three-letter acronym and 
the imperative for IT to be more closely 
focused on business goals. 


What is business service management? It is 
a method and an approach so that our 
customers can see technology from a 
business point of view. When I buy a 
piece of technology, I should know 
what part of the business it’s going to 
impact. And if that piece of technology 
is not available, how the end user and 
the business is going to be affected. It 
allows our customers to maximize 
what they really have and at the same 
time to deploy new technology in 
pieces and for the most important 
business processes. 

Big corporations have 10 or 15 differ- 
ent processes that comprise 90% of the 
revenue. But IT people don’t think that 
way — they think in terms of metrics, 
they think in terms of servers or data- 
bases or even the applications them- 
selves. They don’t see technology as a 
continuum and at the same time they 
don’t realize that IT availability really 
affects business availability. We pro- 
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vide a methodology and software that 
changes the way IT people think about 
managing technology. It makes them 
realize quite clearly the service they 
provide to the business. 


Can you be more specific about the technolo- 
gies involved? Business service manage- 
ment is the climax of a series of ways of 
doing technology. In the 90s, after we 
decided, “Let’s get out of the main- 
frames and let’s go buy lots of 
client/server technologies,” the con- 
nectivity and the network — that’s the 
first thing people would think was 
most important. In the 90s, people 
were thinking that the network was the 
big thing and they bought a lot of net- 
work managers. But they realized the 
network was only the connectivity 
piece — there are a lot of things in the 
middle, like servers, so they went and 
bought the frameworks and agents that 
would monitor the box. But that, too, 
would only provide another piece of 
the puzzle. 

What it did create was a lot of double 





screens to watch. They had to screen 
the network and they had to watcha 
filter and alarms from metric managers 
and then they had to watch another 
product that would view the system. So 
people said, “I want to go to a single 
console,” so they bought 
MOM, meaning manager of 
managers. What a MOM re- 
ally does is just take the 
screen away — it allows you 
to filter the event, and prob- 
ably you're trying to find 
some common events that 
are really affecting the busi- 
ness. Still, everything is in the hands of 
the people who understand the event 
list, people who can say, “Oh, I know 
that when this server goes down, busi- 
ness is affected.” 

What we do with BSM is we provide 
an integration to these two layers. We 
include the security and storage that 
impact the business. And we say in- 
stead of filtering the events, why don’t 
you use an object layer. It has more 
power to all the instrumentation that 
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you've done, because when you instru- 
ment, if you have an object environ- 
ment, you can have configuration, you 
can have graphical design, you can 
have command and control. 

Instead of writing scripts to filter 
events, why don’t you actu- 
ally isolate each of the ele- 
ments supporting an appli- 
cation and use them as ob- 
jects and start building the 
relationships among the 
objects? That way you can 
say that one server ina 
business process is proba- 
bly more important because, say, it 
hosts the databases. 


What does that mean in terms of action, 

and in terms of the other technology? You 
start thinking not just availability and 
up or down, you start thinking in terms 
of state-of-the-business process. And 
the good [state-of-the-business proc- 
ess] reflects good service that IT is 
providing to the business. Obviously, 
when you're out of a good state, you’re 
in a critical state and the service is 
deteriorated. 

We're finding that the customers are 
starting to see IT from an end-user and 
an application point of view because 
obviously the end user is the element 
that is impacted first, and they’ve done 
a lot of testing and end-user perfor- 
mance and application monitoring. In 
fact, I would say people will see that 
the application is the business. Tech- 
nology is actually getting nearer to the 
business. BSM is the totality of all the 
elements of technology — network 
systems, databases, end user, applica- 
tions — and how you correlate all of 
that to determine a good state of the 
business and relate that to the opti- 
mum service that IT delivers to the 
business. 


Your technology would seem to put IT back 
into the role of a support service, yet it spot- 
lights the jobs of IT managers as crucial to 
making the business run better. Which way 
do your customers see this as cutting? 

What Managed Objects provides is a 
dinner table where the IT people can 
talk to the line-of-business people. We 
provide enough technology and scala- 
bility for the IT people so that they 
benefit from what we provide. At the 
same time, we conflate their terminolo- 
gy into business terms in a way that the 
line-of-business understands it. The 
line-of-business talks about volume and 
talks about day and time and calendars. 
And those concepts can be applied to 
our formula so the IT people can repre- 





| sent them for the line-of-business. DB 
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Captchas 
Eat Spam 


ingenious computer tests may 
also advance machine vision 
and Al. By Jaikumar Vijayan 


N THE INTERNET, nobody 
knows you're a dog. Or a rogue 
robot program stealthily gath- 
ering personal information 
from chat rooms or registering for 


| pany’s AltaVista search engine. Re- 
searchers at the company developed 
and patented a character-recognition 
test that was used during the AltaVista 

| registration process to weed out auto- 


thousands of free e-mail accounts from | mated programs. 


which to blast out spam. 

One way to stymie such bots 
is to use a captcha. Short for 
“completely automatic public 
Turing test to tell computers 
and humans apart,” a captcha is 
a program that can generate and grade 
tests that are easy for humans to solve 
but very difficult for computers to 
crack. 

Examples include words that have 
been precisely distorted by computers 
(see “Shark Attack,” at right), images 
overlaid with other images or audio 
clips with background noise. 

By including a captcha as part of the 
registration process for a free e-mail 
account, for instance, it would be rela- 
tively easy to establish whether the 
registrant is a human or a robot pro- 
gram. 

“The human visual system and all of 
our experience in reading makes it 
possible to read images of text which 
computer vision systems at their best 
cannot do reliably,” explains Henry 
Baird, a principal scientist at Palo Alto 
Research Center Inc. (PARC) in Cali- 
fornia. 

The concept of using programs like 
captchas to deal with bots and spam on 
the Internet has been around since 
1997. A team of researchers at what was 
then Digital Equipment Corp. was 
working on a way to deal with bots 
that were trying to influence the way 
certain sites were ranked on the com- 


RE 
WATCHE 


In September 2000, Pitts- 
burgh-based Carnegie Mellon 
University’s computer science 
department started developing 
similar programs in response 
to a request from Yahoo Inc. 

Like AltaVista, Yahoo was grappling 
with rogue programs that were invad- 
ing its chat rooms and illegally market- 
ing products, stealing personal infor- 


Shark Attack 








mation and spamming 
users. “The idea was to 
create a computer pro- 
gram that could distin- 
guish bots from humans. 
The program would have 
to serve as a sentry, but it 
couldn’t itself pass the 
very test it gives,” says 
Manuel Blum, a professor 
of computer science at 
Carnegie Mellon. 

The result was Gimpy, a 
captcha containing seven 
words chosen at random 
from a dictionary of 850 
words and then distorted 
and overlaid with clutter via software. 
Passing the test required identifying 
at least three of the distorted words 
correctly. 

A simpler one-word version of 
Gimpy, called E-Z Gimpy, is currently 
used by Yahoo on its Web site to weed 
out humans from bots during the regis- 
tration process. 

Meanwhile, researchers at the Uni- 
versity of Hong Kong are working ona 
captcha that overlays audio clutter on 
top of a voice reading out random 
numbers and letters. 

PARC is using its optical character 
recognition (OCR) expertise to write 
programs that can break captchas. As a 
result, PARC is getting a quantitative 
idea of the circumstances under which 
OCR fails. Programs capable of over- 
coming captchas can help build ma- 
chines that are better able to recognize 
characters than current machines are. 


Lease 


These nonsense words were generated by captcha software at PARC and then distort- 
ed so that they look as if they have “undergone a shark attack,” as PARC’s Henry Baird 
puts it. Humans can readily read them, but the best software can’t. 
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PARC’s captchas, called 
BaffleText, rely on words 
that have been mutilated 
and distorted to the point 
where even the best com- 
puter vision technology 
can’t decipher them, 
though humans can. 

“Imagine a word that 
has undergone a shark at- 
tack. If you do the engi- 
neering carefully, then the 
characters are largely de- 
stroyed. However, there is 
enough left that people 
just look at it and see the 
whole word,” says Baird. 

Ironically, although captchas could 
play a useful role in dealing with rogue 
bots and spam, the effort to break them 
could prove even more valuable in the 
long term, Baird says. 

Captchas present an interesting 
challenge to the artificial intelligence 
and computer vision communities, and 
research that goes into breaking them 
could benefit these fields enormously, 
he says. 

Since captchas are designed to de- 


| feat the best computer vision technolo- 


gies that are available today, any pro- 
gram that is capable of defeating 
captchas will contribute to better vi- 
sion systems, says Jitendra Malik, a 
computer vision specialist at the Uni- 
versity of California, Berkeley. 

Captchas present researchers with 
many of the same complexities found 
in the real world, but in a somewhat 
more controlled fashion, he says. “For 
example, we have learned what kind of 
background noise is more difficult to 
deal with and what is not,” says Malik. 

Computer vision systems often try 
to recognize an object in a cluttered 
field. That could mean being able to 
recognize a face in a crowd or a partic- 
ular piece of furniture in a room 
crowded with other pieces of furni- 
ture, regardless of lighting, contrast or 
other conditions, he says. 

Malik has written programs to crack 
both versions of Gimpy, and that has 
helped him understand how to deal 
with background noise in an image. He 
says he hopes that research will yield 
breakthroughs in computer vision. 

A similar goal is driving PARC’s re- 
search, Baird says. “In a quantitative 
way, we will know exactly under what 
circumstances machine vision fails and 
use that to build better ones,” he says. D 


CAPTCHA CAPABILITY 


Creating captchas isn’t easy. Find out why: 
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Security Sweep Reveals 


RT 


Access-Token Violations — 


An after-hours walk-through uncovers 

an array of security problems, including an 
unguarded token with the passnumber 
clearly written on it. By Vince Tuesday 


HE TERRORISM ALERTS 
over the past few 
months have dramati- 
cally increased manage- 
ment’s focus on physical secu- 
rity at my company. My team 
doesn’t directly cover physical 
security, but our scope does 
extend to all of information 
security, not just IT or 
computer security. 
This means we’re 
responsible for pro- 
tecting information 
that’s printed out 
or in transit, as well 
as data that resides 
within our informa- 
tion systems. 

This can lead to overlap 
with the physical security 
team as well as security gaps, 
so we work very closely with 
the other team to try to avoid 
these problems. 

They focus on guarding 
people, buildings and proper- 
ty. They also have stronger 
ties to law enforcement and 
the government. So while they 
deal with things like detecting 
phone taps and meeting-room 
bugs and handle the disposal of 
confidential materials, we cov- 
er information labeling and 
disclosure processes. While 
they stop social-engineering 
attackers from talking their 
way onto the premises, we han- 
dle social-engineering attacks 
via the telephone or e-mail. 


Making a Sweep 

Given the increased awareness 
about physical security, I de- 
cided to have my team carry 
out one of our regular sweeps 
of the building. I wanted to 
measure the access available 
to malicious intruders or in- 
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siders in search of confidential 
information or intellectual 
property. 

The results would be 
anonymous to avoid creating 
scapegoats. Our goal was to 
inform management of the 
current level of exposure and 
to make sure that we would be 
included in future awareness- 
raising activities. 

First, we had to 
agree on procedures 
that wouldn’t put 
users at risk of disci- 
plinary action, and I 
needed to find a way 
to protect my team. 
People have a high level of at- 


tachment to their work spaces: | 
| notes on his wall, crossing out 
| old ones as they expired and 


They see the space as theirs 
and are fiercely protective of 
it. Our tests might result in 
someone blaming us for thefts 
or claiming that we damaged 
their machines. 

So I put a few simple ground 
rules in place. The first rule 
was not to touch anything. 
That meant no lifting key- 
boards and no opening draw- 
ers. However, the staff could 
take photographs, so there 
would be no debate about 


| was shocked at the 

type and distribution 
of problems at our 

company. .. . | clear- 
ly need to do more 
awareness work. 








what was discovered. And to 
make sure we didn’t get busted 


| for snooping, we had a physi- 
| cal security team member 


with us at all times. I knew we 
wouldn’t find everything, but 


| at least we could do a swift, 


repeatable exercise and track 


| our success at changing atti- 


tudes over time. 
The good news is that only 


| about 3% of work areas had 
| problems. The bad news is 


that the problems we discov- 


| ered were pretty bad. Also, I 


had expected problems to be 
concentrated within specific 


| departments. But the security 
| policy violations we found 

| were evenly spread across 

| the company. 


| Password Problems 


Password policy violations 


| were the most common vul- 


nerability. One person was 
writing passwords on Post-it 


adding the new. One might ex- 


| pect that he would have at 


least thrown away the old 

notes once he had filled them 
with passwords, but six pass- 
word-filled Post-it notes cov- 
ered his wall, all focused on a 


| sports theme. We also found a 


password list that included 
jenniferl, jennifer2, jennifer3 


and so on. You'd think that if 
Jennifer was changing only 

| one number on her password, 

| she wouldn't need to write 


it down. 
In another area, we found 


| several sensitive documents 


sitting unattended in printer 


| output trays. These included 
| project plans, delivery dates 


and internal memos. All had 
been clearly marked “confi- 
dential,” although I can’t be 
sure if the documents were 
just incorrectly marked or a 
true information security risk. 
More troubling was the dis- 
covery of several two-factor 


| remote access tokens that 


| desks. The technology is de- 


a 
aA 


| A ~ 3 


users had left sitting on their 


signed to cope with that even- 
| tuality, since you need both 

the changing code displayed | 
|; on the token and a passnum- 

ber to gain access. I don’t 

think the devices have any re- 
| sale value, so the risk of theft 

is low. But at $75 each, they 

shouldn’t be just lying about. 

The most frightening thing I 

| found was an access token 
| that had a four-digit number 
| written on the front. I can only 
| assume that was the passnum- 
ber for that token. A thief 
would still need to know the 
user name to do anything ma- 
| licious, but our user names 
follow a standard pattern, and 
anyone could easily figure out 
whose desk this was, guess the | 

user name and gain access to 
| our high-security systems 
with the token. Considering 

the risk, I decided to break 
| one of our ground rules and 
confiscate the token. 

So how did we do overall? 
Worse than I expected, but 
better than I feared. I can’t 
| help but keep an eye out for 
| this sort of thing when I visit 
| other companies, and I’m sur- 
| prised at how many violations 
I see. And though I'd like to 
think that security vulnerabili- | 
ties are more frequent else- | 
| where, I was shocked at the 
| type and distribution of prob- 
| lems at our company. No 
group was unaffected. I clearly 
need to do more awareness 
work. I suppose it’s time to 
start nagging again. D 


WHAT DO YOU THINK? = 


This week's journal is written by a real 
security manager, “Vince Tuesday,” whose 
name and employer have been disguised 

| for obvious reasons. Contact him at vince 
tuesday@hushmail.com, or join the dis- 
cussion in our forum: QuickLink a1590 
To find a complete archive of our 

Security Manager's Journals, go online to 
| @computerworld.com/secjournal 
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RadVision Releases 
V1.5 of SIP Tool Kit 


RadVision Ltd. in Glen Rock, 
N.J., this week announced 
Version 1.5 of its SIP Server De- 
veloper Toolkit, which contains 
two new optional modules, Pres- 
ence and Back-to-Back User 
Agent (B2BUA). B2BUA takes a 
traditional Session Initiation Pro- 
tocol (SIP) end-to-end call and 
mediates it through a central SIP 
server, enabling a corporation or 
service provider to manage and 
track a call from beginning to end. 
It also offers new features such 
as billing, usage and accounting, 
RadVision said. Presence now in- 
cludes voice and videoconferenc- 
ing in addition to instant messag- 
ing. Version 1.5 is now shipping. 
Pricing wasn’t disclosed. 


Sanctum Rolls Out 
Testing Product 


Sanctum Inc. last week intro- 
duced an automated testing tool 
for detecting and fixing defects 
within any Java or .Net applica- 
tion development environment. 
Sanctum’s AppScan DE 1.7 is 
integrated into Microsoft Corp.’s 
Visual Studio .Net 2003 environ- 
ment and is available as a plug-in 
for several integrated develop- 
ment environments. The product 
retails at $1,495, though Santa 
Clara, Calif.-based Sanctum is of- 
fering it for $995 through Aug. 1. 


Lab Picks Software 
For Supercomputer 


The Los Alamos National Labora- 
tory has chosen Platform Com- 
puting Inc.’s Platform Load Shar- 
ing Facility (LSF) software to help 
harness the total computing 
power in the lab’s new ASCI-Q 
supercomputer. The supercom- 


puter is built from 2,048 Hewlett- | 


Packard Co. AlphaServer ES45 
servers and uses Toronto-based 
Platform’s LSF workload man- 
agement software to distribute 
the total computing power across 
the machine. ASCI-Q will be used 
to conduct predictive nuclear 
weapon simulations. 
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From 


The SCO Mailbag 


OMETIMES THE STORY behind a high- 
profile news story can be pieced together 
from the correspondence of the major play- 
ers. I thought I’d take a peek into SCO’s mail- 
bag to see who’s writing CEO Darl McBride, 
VP Chris Sontag and attorney David Boies and find 
out what they’re saying about SCO’s claims that it 
owns the legal rights to Unix and maybe even Linux. 


Dear Mr. Boies, Mr. McBride 
and Mr. Sontag: This letter is 
to let you know that I have 
signed and returned the 
NDA. While I appreciate 
your offer to pay for my 
travel expenses, there’s 
really no need for me to 
fly out to your location 
to view anything. I just 
“know” there are definitely 
hundreds, if not thousands, 
of instances where Linux 
programmers illegally in- 
corporated SCO intellectual property 
in their code. I will be glad to report 
this information at your request. Let 
me know if and when you need any- 
more expert testimony. 
Sincerely, 
Jayson Blair, formerly of 
The New York Times 


Dear Mr. Boies, Mr. McBride and Mr. Son- 
tag: Thank you for your communica- 
tion with our blessed monastery. We 
confess that we were entirely baffled 
by your allegations until we realized 
that you were using the words Unix 
and eunuchs interchangeably. We 
sense that you may be confused on a 
few other important issues, as well. 
While it is not unheard of for monks 
to be eunuchs, not all of us are. And 
even if we were, we would not be in- 
fringing on your copyrights for Unix. 
We have attached a list of historic and 
religious resources you may wish to 





investigate to educate 
yourselves on these mat- 
ters. Regardless, our par- 
ticular monastic order re- 
quires a vow of poverty, 
therefore we respectfully 
decline your offer to sell us 
SCO in order to avoid liti- 
gation, since we have no 
disposable funds. 
Sincerely, 
Brother Sebastian 


Dear Mr. Boies, Mr. McBride 
and Mr. Sontag: We are concerned 
about our current investment in Unix 
licenses. It has come to our attention 
that SCO does not actually own the 
copyrights and patents for Unix. Since 
we paid considerably more money 
than the normal fees, we are con- 
cerned that our investment may be af- 
fected by your misrepresentation of 
your alleged leverage over the use of 
said copyrights and patents. Obvious- 
ly, it is better for all concerned to be 
discreet on this matter, so we have 
elected not to pursue legal means of 
recovering our investment. Instead, 
we would like to invite all of the man- 
agement at SCO to a vacation retreat 
in Hawaii in order to discuss this mat- 
ter further. 

We have arranged all the transporta- 
tion and will send a black limousine to 
your headquarters to pick you up on 
Thursday at 9 a.m. Please have all your 
corporate officers waiting outside on 








the sidewalk for this ride, preferably 
lined up side by side so that we can get 
a clear view of everyone at once when 
the limousine arrives. 

Sincerely, Bill Gates 


Dear Mr. Boies, Mr. McBride and Mr. Son- 
tag: This is to notify you that we can- 
not comply with your request to for- 
ward your letter to its intended recipi- 
ent because said recipient is fictional. 
I did take the liberty of discussing the 
issues you raised with our corporate 
lawyers, however. They advise me that 
it is extremely unlikely that a judge 
will agree with your charge that the 
name “Scooby Doo” infringes on the 
SCO trademark and has damaged your 
business as a result. While you are cor- 
rect that the two names share three 
consecutive letters, we are confident 
that customers are able to distinguish 
between an operating system and a car- 
toon dog with a speech impediment. 

It is quite true that Velma is the kind 
of character that would work with an 
advanced operating system, and that 
might mean something if the charac- 
ters were real. Regardless, we are not 
in a position to dispute what your ex- 
perts under NDA saw in your “source 
code” since we are unfamiliar with the 
term source code. But we are quite cer- 
tain that our fictional characters Vel- 
ma and Shaggy did not misappropriate 
the words jinkies or zoinks from any- 
thing owned or created by SCO. Final- 
ly, the theory that we chose the name 
“Mystery Machine” to hide the secret 
use of your intellectual property 
would be fascinating if our Mystery 
Machine were a computer instead of a 
cartoon flower-power van. 

Sincerely, 
Betty Cohen, president, 
Cartoon Network 


WANT OUR OPINION? 


For more columns and links to our archives, go to 
www.computerworld.com/opinions 
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QUOTE OF THE WEEK 

4 Achievement is a blend of 
intelligence, motivation and 

personality, and that blend makes 

the difference between A and B 

players rather than talent per se. 


~- Vineeta Vijayaraghavan, consultant, 
Katzenbach Partners LLC 


Dashboard Democracy 

Desktop business-intelligence displays 
used to provide financial data to 
executives. Now they’re finding a new 
home in the cubicle — where real work 
gets done — says Deb Masdea (right), 
director of business knowledge services 
at The Scotts Co. Page 40 





Busters 
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and Master- 
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OPINION 
A Reality Check 
On Going Offshore 


Columnist Bart Perkins provides a 
checklist of issues to consider — from 
U.S. privacy and security laws to the 
employee backlash — before taking 
the offshore IT plunge. Page 42 


NOBODY LIKES BEING RIPPED OFF 
Mi dali But for online retailers, the pain 
aha of being ripped off by unethical 
consumers, identity thieves and 
bogus-card gangs has been magni- 
fied by what they consider to be 
the not-my-problem attitude of credit card issuers 
and card associations like Visa and MasterCard. 

Tom Mahoney, a network administrator at Franklin 
& Marshall College in Lancaster, Pa., recalls vividly 
the shock he and his wife felt shortly after they 
launched their own mom-and-pop e-business in 1997 
and discovered not only the threat of fraud but also 
the double whammy from the credit card companies. 

“We thought from the beginning something was 
fishy — getting orders for herbs and personal care 
products with U.S. credit cards, all... for shipping to 
Yugoslavia,” says Mahoney. He recalls that his card 
processor had assured him that if he had an autho- 
rization number for the transaction, then “all was 
well.” But then the chargebacks started coming in, 
and banks refused to honor the transactions and 
added penalty fees for Mahoney’s business. 

Mahoney says he called some of the banks and was 
shocked to discover that many of the credit card 
numbers in question had never even been issued to 
cardholders, yet they were granted authorization 
numbers. “That’s when I learned that something was 
wrong with the system,” he says. 

Today, credit card fraud is pegged as a $160 million 
annual problem for just the top 25 online retailers, 
according to Gartner Inc. in Stamford, Conn. But 
there are some glimmers of hope for improvement. 

One encouraging sign is that Visa International 
Inc. and MasterCard International Inc. recently start- 
ed full-scale marketing of credit card systems that re- 
quire online purchasers to supply additional pass- 
words or security codes (Verify by Visa and Master- 
Card’s similar SecureCode). It’s an attempt to pro- 
vide an online equivalent of the in-store signature. 
Even more important, from the retailers’ perspective, 
merchants that join the programs will finally be 
freed from most of the liability and onerous charge- 


By Alan R. Earls 
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Possible Signs of Fraud 


= Country of origin. Orders from Romania, Mace- 
donia, Belarus, Pakistan, Russia, Lithuania, Egypt, 
Nigeria, Colombia, Malaysia and Indonesia have 

a very high incidence of fraud and often have un- 
verifiable addresses. 


= Untraceable e-mail address. In many fraudu- 
lent orders, the customer's e-mail address is pro- 
videc by a free e-mail service, which is relatively 
untraceable. 


= Express shipping. Most fraudulent orders spec- 
ify overnight or one-day shipping. 

8 Shipping address differs from billing address. 
If you are selling valuable items, it's a good policy 
to ship only to the billing address of the credit card 
holder. 


® Suspicious billing address. If the billing address 
is something generic like 123 Main St., the order 
could be fraudulent. Use Internet mapping tools to 
see if the address can be verified. 


® Request to leave at door. Someone placing a 
very valuable order who specifies that the pack- 
age is to be left at the door could be using an un- 
witting person's house as a drop-off point. You 
should require a signature upon delivery. 

















XURCE. YAHOO INC ‘S “SMART SELLING” WEB PAGE 


Merchant Fraud Squad 


This secretive group of merchants, which has 
hundreds of members, shares tips and tricks for 
combating online fraud. It recently changed its 
name to the Merchant Risk Council. 


Founding members: 

= American Express Co. 

« Barnesandnoble.com Inc. 

= ClearCommerce Corp. 

= Expedia Inc. 

« First Data Corp. 
Starwood Hotels & Resorts Worldwide Inc. 
Qsent Inc. 


SOURCE MERCHANT FRAUD SQ 


How One Merchant 
Battles Fraud 


Even small and midsize online merchants that lack the clout 
of big businesses can do plenty to defend themselves from 
credit card fraud. A case in point is Computerized Horizons, a 
small software company in Worcester, Mass. R. Scott Perry, 
the company's technology specialist, says that some bad ex- 
periences with card fraud a few years ago - compounded by 
chargebacks and chronic inaction on fraud from card com- 
panies - compelled his organization to act. 

“Since we deal primarily with businesses, all of whom 
have their own domain name, one of our main tools to help 
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backs that so irked Mahoney. Instead, banks will ab- 
sorb the costs of fraud themselves. 

But merchants, analysts and even Foster City, 
Calif.-based Visa and Purchase, N-Y.-based Master- 
Card acknowledge that no one is out of the woods 
yet and that the new programs don’t cover every sit- 
uation. It may be a few more years before the two 
companies’ programs reach critical mass and begin 
to show significant results. Plus, there’s some con- 
cern that the pop-up window that requires the new 
codes will drive some legitimate customers away. 

“The Visa and MasterCard programs won’t solve 
all the problems. They are just one tool in the arse- 
nal,” says Mick Lester, director of Web services at 
K-B Kids, a Denver-based unit of KB Holdings LLC. 
Still, he says, “with the liability shift 
to the card issuer, I definitely think 
merchants should jump aboard.” 

For now, Lester says that even with ich 
Verify by Visa and SecureCode, K-B 
Kids won't abandon its homegrown 
fraud-busting methods, such as veri- 
fying and comparing card and ship- 
ping addresses, as well as flagging 
and scrutinizing transactions involv- 
ing expensive items. 

K-B Kids also uses a scoring sys- 
tem to look for fraud, says Lester. 

The system weighs every aspect of a transaction for 
its risk potential. K-B Kids even maintains its own 
“negative database” — a file of card numbers that 
have generated problems in the past, including those 
used by consumers who claim that they haven’t re- 
ceived their shipments and refuse to pay. 

Although K-B Kids and other large retailers (no- 
tably Amazon.com Inc.) have invested heavily in pro- 
prietary fraud-prevention methods, many smaller 
organizations haven’t been able to afford those in- 
vestments, and as a result, they’ve been flocking to 
third-party services and consortia. 

For his part, Mahoney launched an organization 
called Merchant 911, which provides its members 
with a confidential forum to share fraud-prevention 
methods and air gripes about banks and credit card 
companies. Mahoney also makes available a selection 
of databases and antifraud tools. 

Meanwhile, on the West Coast, IT veteran Dan 
Clements has set up an organization called Card- 
Cops.com that provides a forum for merchants and 


detect fraud is to see if the billing address for the credit card 
matches the address that is listed in the Whois record for 
their domain or is nearby,” says Perry. (Whois is a domain di- 
rectory at www.networksolutions.com.) Like many other 
methods, this is inexact and subjective. Mismatches just 
raise questions about the buyer's legitimacy and, taken with 
other indicators, could lead Computerized Horizons to turn 
down the sale. 

Another tool calculates the distance between the area 
covered by a ZIP code and the area usually associated with 
the customer's telephone numbers. Again, mismatches raise 
questions about the legitimacy of the order. Even the IP ad- 
dress from which an order is placed can help hint at fraud. 
“At the very least, this will show the country that the person 
placing the order is located in,” says Perry. 


www.computerworld.com 


consumers to share information about what he calls 
“compromised” credit cards. Shoppers who think 
their card may have been stolen or misused can 
e-mail him at NeighborNetWatch@CardCops.com. 

But Clements, CEO of the Malibu, Calif.-based 
organization, says some of his best information 
comes from “the underground” — IT professionals at 
merchant companies who are privy to information 
about cards that may have been hacked by thieves, a 
problem that merchants are often reluctant to report. 

Clements says his staff of 12 also hunts out bogus 
or suspect cards by doing targeted Google searches 
and visiting chat rooms where, he says, cards are 
often first tested by crooks. 
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But perhaps the most significant fraud-fighting 
effort is the Merchant Risk Council, 
which until recently was known as 
the Merchant Fraud Squad. “We are 
organized much like a neighborhood 
watch,” says Cathy Black, a board 
member of the nonprofit group and 
the director of fraud prevention at 
American Express Co. in New York. 

The Merchant Risk Council has 
scores of members, including many 
large corporations. It’s secretive 
about its work and methods because, 
as Black explains, whenever a story 
comes out about a fraud-fighting strategy, the “bad 
guys” learn how to change their methods. However, 
she says the focus is on sharing emerging trends and 
information in a secure environment. 

For example, at the group’s annual conference in 
March — which was closed to the press — there 
were presentations on “global trends in cybercrime,” 
“predictive models for fraud” and “emerging fraud 
schemes,” according to the group’s Web site. 

The group is also powerful enough to lobby ven- 
dors to change their practices. For instance, Black 
says the Merchant Risk Council persuaded some de- 
livery companies to watch for suspicious activity 
such as unusual shipping patterns. 

But, as Black notes wearily, fraud isn’t going away, 
no matter what merchants and card companies do. 
“There is no magic bullet — all the fraud solutions 
have a shelf life — we will always have to continue to 
migrate toward new solutions,” she says. D 








| Earls is a freelance writer in Franklin, Mass. 


For foreign orders, Perry uses the Merchant 911 Web site, 
which has a database of credit card issuers that identifies the 
country in which a card was issued. This can be cross-refer- 
enced with the country that the IP address is registered to 
and the one in the billing address. Orders that originate from 
or include a “free” e-mail address also raise a red flag. 

Perry says the best fraud-detection tool is often just com- 
paring new orders against prior orders to look for patterns 
that aren't typical, such as the time of day when the order 
was placed. Perry says his job would be easier if all credit 
card companies maintained a database of stolen cards, but 
he's doubtful that will happen anytime soon. So, like other 
merchants, he will continue to improvise and develop work- 
arounds to keep card fraud from putting him out of business. 

~ Alan R. Earls 
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IT stars get all the glory, but your 
supporting actors get the job done. 


It’s always about the stars, the A players 
on the fast track to bonuses, promotions 
and glory. IT leaders will do nearly any- 
thing to get them — and keep them. But 
what about the rest of us? In this month’s 
Harvard Business Review, Vineeta Vija- 
yaraghavan and Thomas J. DeLong posit 
that a company’s long-term performance 
and even survival really depend much 
more on the B players, those steady, ca- 
pable performers outside 

the spotlight. Vijayaragha- 

van, a consultant at Kat- 

zenbach Partners LLC, an 
organizational strategy 

firm in New York, talked 

with Kathleen Melymuka 

about the vital contribu- 

tions of these “best sup- 

porting actors” and how to 

make sure you’re not tak- 

ing them for granted. 


Who are the B players? 

Those that, in a rough 

ranking, are neither fast- 

track — in the top 10% — 

nor struggling in the bottom 10%. Intu- 
itively, most managers can tell you who 
they are. 


You say being a B is more about tempera- 
ment than talent. Explain? Oliver Wendell 
Holmes said that F.D.R. had a second- 
class mind and a first-class tempera- 
ment. Achievement is a blend of intel- 
ligence, motivation and personality, 
and that blend makes the difference 
between A and B players rather than 
talent per se. 


Tell me about the B players who are “recov- 
ered A” piayers. At Microsoft, one of the 
top 20 performers was an A player who 
burned out and went rock climbing. He 
later came back, but to a smaller group 
— a think tank for new-product devel- 
opment. We call him a “recovered A” 
because he comes from that world. He 
maintained calling cards from that 
world. He knows how it works, and he 
can move in and out of 
that world. 


Other B players are “truth 
tellers.” Can you give me an 
example? These are peo- 
ple who have a zeal for 
the truth. They’re not 
necessarily “company 
types,” which A players 
tend to be. They’re will- 
ing to tell the truth even 
at a cost to their standing 
in the company. One was 
a manager in charge of 
building a technology in- 
frastructure for his trad- 
ing division. He discovered that some- 
one with status had paid more than the 
going price for a system. No one had 
dared raise a question, but he wasn’t 
cowed and spoke up and saved the 
company millions of dollars. 


Some B players are “go-to” people. What 
does that mean? Those aren’t functional 
experts, but they have an extraordinary 
feel for the processes and norms of the 
company. They can make connections 
and go across departments and divi- 





Managing B Players 


Advice from 
Vineeta Vijayaraghavan: 


the manager. 
“Leaders tend to be A players, 
so they’re not always the best 
managers for B players. 
They have to learn to accept 
differences and manage B players 
differently. If they’re not the best 
mentors in the organization 
for the B players, find others.” 


Give them your time. 
“A and C players tend to be the 
squeaky axles. B players just get 
the job done. Make sure you talk 
to all your direct reports, including 
those who don’t initiate contact.” 


wee reeeecesesessossoesseeseeeseses 


Nurture their careers. 
“Recognize their contributions, 
and give them choices. 
Have conversations with them 
about career paths. Consider 
what you can do to keep good 
performers who don’t want to go 
through the traditional route.” 


sions to get things done. They’re famil- 
iar with who really has the power, even 
if it’s not the person in the formal role. 


Aren’t there B players who are really just 


| plain mediocre performers? Yes, definite- 


ly. Those we categorized as middling. 
But that’s often an alignment issue — 
an issue of where and how to use their 
skills. Managers tend to not have as 
many conversations with B players 
about how to use their skills because 
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they think there’s not enough ROI in it. 


What else do B players do for the company? 
A players tend to say, “I’m the brand.” 
If a better opportunity comes up, 
they’ll jump ship. B players aren’t mar- 
tyrs, but they tend to be willing to take 
on long-term projects and stay for the 
whole thing. They are really good at 
building trust with clients through 
these long-term projects. This trust 
creates a platform for innovations that 
the A players might dream up but 
couldn’t otherwise have gotten clients 
to sign on for. They also tend to re- 
mind leaders to grow slowly. A players 
want to add head count and say they 
ran a big department. B players are 
more likely to say, “If we grow that 
fast, these are my concerns about qual- 
ity. And if the growth cycle gets cut 
short, how will we handle that?” 


How do B players help a company in transi- 
tion? They’re less affected by shake- 
ups because they’re less likely to be 
tapped for promotions or be fired. 
They provide continuity and pass on 
knowledge. They provide ballast in bad 
economic times because they stick 
around. They’re not just there for big 
bonuses. B players in an IT department 
are critical for mentoring new people 
and assimilating them into the corpo- 
rate structure. They provide cultural 
support and informal management 
while management is in transition. 


These B players sound like a lot of IT people 
I know. I think IT is full of these. IT 
people are often stars and also often 
classic B’s. IT people see things differ- 
ently. One technology company told us 
how their B players showed manage- 
ment that it wasn’t worth it to work 
long hours because long hours brought 
higher error rates and less creativity in 
product development. 


Don’t B players get tired of holding things 
together with so little credit? Yes, ab- 
solutely. They will only stay for so long 
if not recognized. Managing them 
takes more time than managers give 
them, but still a tenth of the time it 
takes to manage stars. We’re urging 
managers to spend that time. It’s a 
small investment compared to time 
they spend with A players. D 





Melymuka is a Computerworld 
contributing writer. Contact her at 
kmelymuka@yahoo.com. 





nit Harvard Business Review author 





See old apps combine with new apps. 
See customers connect with partners. 
See today’s stuff click with tomorrow's. 


sh 
‘ 
4 
~~ 











WebSphere Business Integration is if \ eclale RW) Heading Tele software for the on demand 
mote A and flexible, WebSphere lets you m@@el, | eel and Mae UaEele el oy your a] U tate 
eet WebSphere delivers an infrastruct Si Olean Ea) change, meeting business 


demands, on demand. For an meee moan eee visit eee a 


z Piet 
re es 





e 
Tha 
KT 
iM 
To 


Ree eR RS mod 
alow 


1BM, WebSphere, the e-business logo and e-business iene Etc) pea Tec SI 
trea) egrets east Merk ke kaa 


ceca fem Ot euRe Ce RR Fete ued ORCL 
©2003 IBM Corporation: Al rights reserved Rr 





MANAGEMENT www.computerworld.com 


— 4 COMPUTERWORLD June 16, 2003 


HE EXECUTIVE INFORMATION SYSTEMS 
(EIS) of the 1980s stayed in the executive 
suite and provided fancy pie charts of 
financial data. But now these business- 
intelligence tools have found a new home 
in the cubicles. 
They’ve also found some new names: 
“dashboards and scorecards,” says John 
Hagerty, an analyst at AMR Research Inc. 
in Boston. “We are now seeing them all over the en- 
terprise, and for a variety of reasons.” Hagerty says 
more than half of the 135 companies he recently sur- 
veyed are implementing dashboards, which are also 
spreading into various nonfinancial departments 
(see chart, next page). 

Dashboards aren’t just for financial data anymore. 
“At Southwest Airlines, they call them ‘cockpits,’ and 
they’re specialized so that the guy in charge of 
putting peanuts on airplanes gets a different view 
than the guy who’s in charge of purchasing jet fuel, 
says John Kopcke, chief technology officer at soft- 
ware vendor Hyperion Solutions Corp. 


The Bottom Line 


The payoff is that delivering dashboard data to front- 
line workers puts business intelligence in the hands 
of people who can exploit it to make money-saving 
decisions on a daily basis. 

Motorola Inc., for example, deployed business- 
intelligence software from Informatica Corp. in Red- 
wood City, Calif., last year to about 200 desktops in 
various purchasing offices. Falgun Patel, senior man- 
ager for sourcing systems at Schaumburg, Ill.-based 
Motorola, says his dashboard gives him unprecedent- 
ed access to purchasing information. 

“We got the system up and running in mid-2002,” 
says Patel. “Prior to that, we had to pull information 
from a variety of spreadsheets and custom databases 

‘ rhs : ; from locations all over the globe.” In fact, this is still 
of The Scotts Co. says dashboards put information in the hands of the managers who need to answer questions. § the case, but now Informatica’s software does the 


” 


pulling, and sourcing officers like Patel can get in- 
stant access to sophisticated metrics. 


“It used to take 20 days for one of our indirect pur- 
chasing officers to collect global stats,” says Chet 


Desktop business-intelligence displays are 


moving from the executive suite to the cubicles, 
where the ROI is even better. By Mark Leon 
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Phillips, IT director for business intelligence at 
Motorola. “Now it takes minutes.” 

Patel says the result is smarter, faster decisions. 
“On my dashboard, I can immediately see our global 
spend with a particular supplier,” he explains. “I can 
slice the data in a number of ways — various charts, 
historical records, purchases by departments, etc. 
This gives me exactly what I need to negotiate a bet- 
ter deal with the supplier.” 

He says the dashboard also allows him to be more 
proactive. “By com- 
bining the purchasing 
analytics on my desk- 
top with current mar- 
ket conditions, I can 
determine whether it 
is better to negotiate 
for a commodity or 
go ahead and lock ina 
supply,” Patel says. 

The result is a fabu- 
lous return on invest- 
ment. “We estimate 
that this system saved 
us about $15 million a 
month in 2002,” says 
Phillips. 


Reality Wins 

One reason for the 
democratization of 
business intelligence 
is that reality finally 
caught up with per- 
ception. “So often it is 
the high-level execu- 
tive who is seduced 
by the ‘Wow! Cool!’ 
appeal of an EIS,” 
says Deb Masdea, 
director of business 
knowledge services at 
The Scotts Co., a pro- 
ducer of lawn and 
garden products in 
Marysville, Ohio. 

But, Masdea says, it 
is midlevel managers and analysts who need the data. 
“In reality, an executive is probably going to want 
hard copy, and if there is a question, he or she will 
pick up the phone. The midlevel managers are the 
ones who have to answer these questions,” she says. 

With this in mind, Scotts decided to push data ana- 
lytics to the masses back in 1998. The project coincid- 
ed with the company’s adoption of a corporatewide 
SAP ERP system; the business-intelligence software 
is also from SAP AG. 

Prior to this, a distribution manager would have to 
pick up the phone to get the latest statistics from 
manufacturing and distribution facilities. “Now that 
manager can open a report to get a daily snapshot of 
activity,” says Masdea. “We can even pull in POS 
[point-of-sale] and inventory data from our big retail 
customers. If inventory at an outlet looks too low, the 
manager can call a sales rep or the buyer directly.” 

This is critical in the lawn and garden business, she 
says. “It is a very seasonal industry, which means it is 
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| agers have access, too.” 


NOT GOOD for 
Control Freaks 


Business- intelligence software may be ready for the 
people, but the people aren't always ready for it. 

The problem is that dashboard democracy often 
requires middle managers - for whom information 
is power - to give up some control. 

“Historically, our midlevel managers had total 
control over the green-bar reports that showed up 
on their desks,” says Deb Masdea, director of busi- 
ness knowledge services at The Scotts Co. 

But when new dashboards started popping up 
on desktops throughout the company, that data 
monopoly vanished. “Suddenly, that manager's 
boss, and some of his employees, had instant ac- 
cess to all those reports,” she says. 

It was a tough sell, and it took time to get those 
managers to release their grip on the information, 
but Masdea says two things made the transition 
successful. “We had to show these managers that 
by giving up control, they also reduced their work- 
load because they no longer had total responsibility 
for managing all that data,” she says. 

The other strategy was to sell the system from 
the business rather than technical side of the house. 
“We had analysts - superusers from the manager's 
own business units - do the training,” says Masdea. 
“These were not techie types, so they could talk to 
the managers in their own language and clearly 
show them the business benefits of the system.” 

At real estate firm CB Richard Ellis, senior project 
manager Sue Willess used similar approaches to 
make sure a new PeopleSoft scorecard system 
didn’t fall by the wayside. Plus, she shrewdly started 
deployment with office managers who she knew 
would be most resistant to change. “Our experience 
is that it is easy for people to criticize the thing they 
know the least about,” says Willess. “But these 
potential detractors will also be your biggest sup- 
porters if you can get them on board early.” 

- Mark Leon 


et 


easy to miss an opportunity,” Masdea says. “These 
dashboards empower our managers to be proactive.” 


The Daily Snapshot 


One place where dashboards are making inroads is in | 


sales departments. At Honeywell Inc.’s Specialty Ma- 
terials Division in Morristown, N.J., dashboards give 
everyone in sales a clear view into business perfor- 
mance — every day. 

In September, the division finished installing 100 
dashboards from Cognos Corp. throughout the sales 
department. “We wanted everyone to see the same in- 
formation at the same time,” says Jane Booth, director 
of data and knowledge management at the division. 

Access is truly democratic. “Sales reps can see 
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their own sales stats, but they can also see how the 
other salespeople are doing,” she says. “And man- 


Booth says she likes the results. “We moved quick- 
ly from a monthly or quarterly view to a daily snap- 


shot of what is going on. A big benefit for us is that 
| now we have a common definition and view of all 


this information.” 


In a Glass House 


| Dashboards can have a big effect on communications 
— and company politics — in the organization. 


Booz Allen Hamilton Inc. in McLean, Va., is rolling 
out Hyperion’s performance scorecard to its 1,200- 
person global operations team. Sophisticated analyt- 


| ics will allow the human resources department, for 


example, to “call up stats on turnover ... correlate 


| these with training and possibly deduce that more 


departmental training is needed,” says John Mon- 
czewski, manager of the consulting firm’s balanced 
scorecard project. 

And in the spirit of democratization, Monczewski 
says employees will be able to look at scorecards for 
all departments in the team. “I would say that 90% of 
the information is available to everyone,” he says. 
“We want people to see as much as possible.” 

Why? “It is not enough to optimize your own per- 
formance,” Monczewski says. “You need to see if this 
comes at the expense of someone else on the team. 
We don’t want people to get locked into the notion 


| that this is just a dashboard on personal metrics.” 


At CB Richard Ellis, a giant commercial real estate 
company in Los Angeles, desktop scorecards from 
PeopleSoft Inc. are used by 64 U.S. office managers 
to determine which brokers deserve to get perks or 
additional resources, based on the revenue they 
bring in. 

Previously, that process lacked precision, says Sue 
Willess, senior project manager. “Now the office 
manager can quickly see revenues, expenses and 
salaries for each brokerage team,” says Willess, and 
then determine whether a broker’s request for, say, 
an additional office assistant is really justified. 

In addition, managers can see the numbers for 
every other office. This kind of wide-open scorecard 
probably wouldn’t work in some environments, but 
it’s perfect for sales, where everyone thrives on com- 
petition, Willess says, adding, “Our office managers 
like to say now that ‘you can run, but you can’t hide.’” 

There is a potential downside to this plethora of in- 
formation: AMR’s Hagerty calls it “metric madness.” 

“Dashboards and scorecards are about measuring,” 
says Hagerty. “If measures are too broad and diverse, 
then dashboards can be a distraction.” So, not sur- 
prisingly, the democratization of business intelligence 
comes with responsibility. “It requires management 
discipline,” Hagerty says, “so you can focus on only 
those measures that really matter to the users.” D 


Leon is a freelance writer in San Francisco. 


OUTSIDE LOOKING IN 


Dashboards aren't just for employees inside the company. A 
Web-based dashboard can also be a tool for providing valuable 
data to customers in the supply chain: 

QuickLink 38769 

www.computerworld.com 
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Documentum Issued 


Records Patent 


Documentum Inc. has been issued 
a U.S. patent for its records man- 
agement technology, which auto- 
mates and streamlines the classifi- 
cation of electronic records. The 
technology is a key component 

of the Pleasanton, Calif.-based 
company’s Records Management 
Edition and Records Services for 
Email. The system handles many 
requirements of the Securities and 
Exchange Commission’s Rules 
17a-3 and 17a-4, the Health Insur- 
ance Portability and Accountability 
Act and the Sarbanes-Oxley Act. 


Mpower Hires Exec 


Russell A. Shipley 
started last week 
as the new-tech- 
nology officer at 
Mpower Communi- 
cations Corp. in 
Pittsfield, N.Y., a 
provider of broad- 
band Internet access and telephone 
services to business customers. He 
will work on improving Mpower's 
integrated data and voice product 
and the company’s facilities-based 
network. Shipley held senior posi- 
tions at Global Crossing Ltd. and 
Frontier Communications Corp., 
where he led the planning, engi- 
neering and construction of the na- 
tionwide fiber-optic network shared 
by Frontier and Qwest Communica- 
tions International Inc. 


BPO Market Will 


Grow, Gartner Says 


The global business-process out- 
sourcing (BPO) market is expected 
to grow 10.5% to $122 billion in 
2003, up from $110 billion in 2002, 
according to Gartner Inc. Large 
companies will expand outsourcing 
to entire lines of online products 
and services, such as payroll and 
transaction processing. North 
America is predicted to represent 
57% of the total BPO market, or 
$689 billion. Growth is estimated at 
10.9%, or $27 billion, in Western 
Europe and at 7.8%, or $8.7 billion, 
in the Asia-Pacific region. 
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Going 


BART PERKINS 
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OU’VE HEARD THE HYPE about how go- 
ing offshore can save you big bucks on IT 
expenses. Your CFO thinks it’s a great 
idea. You’ve completed a baseline of your 
IT portfolio. Now you're ready to develop 
your sourcing strategy and determine which work to 
outsource and whether you want any of it done off- 
shore. In addition to the concerns that go along with 
outsourcing any function, some special considerations 
need to be addressed as part of the offshore decision: 


@ Intellectual property. De- 
termine to what degree any 
intellectual property you 
either take offshore or de- 
velop offshore will be pro- 
tected in the courts. Some 
countries don’t offer the 
same levels of legal protec- 
tion found in the U.S. and 
Western Europe. 

@ Privacy and security. Laws 
such as the Health Insur- 
ance Portability and Ac- 
countability Act and Cali- 
fornia’s Cyber-Security Act 
[QuickLink 38357] mandate 
the way data must be han- 
dled and the actions that 
must be undertaken in the 
event that data is compro- 
mised. European Union law regulates 
where data must be physically stored 
and what data can be transmitted 
across country borders. Lower-cost 
countries follow U.S. and European 
law to differing degrees. Beware. 

® Geopolitical risk. War or terrorism 
could hurt the ability of your offshore 
provider to operate. While 9/11 proved 
that the U.S. isn’t immune to terror- 
ism, each part of the world has its own 
risks. The U.S. Department of State 
maintains a Web site (http://travel. 
state.gov) describing the potential risk 
of terrorist activities by country. 





@ IT infrastructure. Lower- 
cost countries don’t always 
have the same capabilities 
we take for granted in 
highly industrialized coun- 
tries. When I was CIO at 
Dole Food, we had to re- 
move several PCs from re- 
mote Philippine farms be- 
cause the locals stole the 
telephone wires to sell the 
copper. 

In Honduras, we had an 
uninterruptible power sup- 
ply (UPS) to keep the com- 
puter running when one of 
that country’s frequent 
blackouts hit. Unfortunate- 
ly, we didn’t have a UPS for 
the computer room’s air 

conditioner, so we kept it as cold as 
possible and gave the staff ski jackets. 
When the power went out, the staff 
spread plastic sheets over the comput- 
er to prevent the condensation from 
overhead pipes from dripping into the 
computer. 

@ Travel. Geography may not be your 
friend. If it requires 18 hours in a plane 
(and an expensive ticket) to get to 
your offshore facility, you won’t visit it 
very often. Moreover, travel inside a 
Third World country can be very 
time-consuming and difficult — roads 
and bridges may be poorly maintained 
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Check on 
Offshore 


or targets of terrorist activities. Finally, 
travel in some countries requires 
many additional vaccinations. 

@ Communication. Both the sales staff 
and the technical staff at the outsourc- 
ing vendor need to have excellent Eng- 
lish skills. You don’t want to have to 
use an interpreter whenever a prob- 
lem arises. Moreover, if your provider 
is in a different time zone, find out if 
they’ll work when you work (even if 
it’s the middle of their night). If your 
workdays overlap for only a few hours, 
communication will be difficult. And 
your crisis will never occur during the 
overlap! 

® Culture. Cultural differences need 
to be understood and leveraged. It’s 
easy to inadvertently insult offshore 
partners if you aren’t careful. Greet- 
ings, forms of address, gestures, value 
systems and punctuality vary widely 
around the globe. 

For example, Americans tend to glo- 
rify the hero and question authority. 
But, according to recent diversity 
studies, some Asians do what they’re 
told even when they disagree with the 
approach. Study the local customs 
carefully before venturing abroad. 

® Political backlash. Many of your em- 
ployees are unhappy with the number 
of jobs going offshore. Be prepared to 
address negative publicity and, in 
some cases, staff sabotage. 

Going offshore presents unique 
challenges. Addressing them directly 
as part of your initial offshore decision 
will mitigate your risk and increase 
your chances of success. D 


BEFORE YOU 60... 


Read Bart Perkins’ previous column on preparing for the 
offshore experience: 


QuickLink 37545 
www.computerworld.com 


WANT OUR OPINION? 


For more columns and links to our archives, go to 
www.computerworld.com/opinions 





Find out when 
Computerworld 
publishes the 
results trom our 
17th Annual 
Salary Survey of 


[1 Professionals! 
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How much are other IT professionals with your experience and credentials earning? 
With help from you and your IT colleagues across the country, Computerworld will 
answer those questions with results from our 1/th Annual Salary Survey. 


Please take our survey now and enter a drawing to win a $499 gift certificate from 
Amazon.com. Our survey period closes on Thursday, July 3 at 5:00 p.m. 


Survey results and feature stories that offer practical career advice will be published in 
the October 27, 2003, issue of Computerworld. The issue will offer detailed informa- 
tion on average salaries and bonuses, by title, industry and region. You'll be able to 
compare your organization's compensation plans with those of other 

organizations and find the hottest areas of the country for IT pay. 
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LAN ADMINISTRATOR: Duties 
include: Applying advanced 
knowledge of computer sys- 
tems, hardware and software, 
network protocols and end user 
requirements to maintain and 
manage large LAN system 
Monitor and respond to complex 
technical control software prob- 
lems utilizing a variety of soft- 
ware testing tools and tech- 
niques. Analyze and recover 
LAN systems and applications 
and fix/troubleshoot daily issues 
related to accessing information 
and/or application. Provide sys- 
tem solutions to internal units for 
accessing their information and 
task autoimmunization. Admin- 
ister and configure Servers and 
their network resources to pro- 
vide information access to inter- 
nal users. Establish personal 
and shared network storage for 
data and application files, and 
maintain the network security 
and network printing. Study ven- 
dor products to determine those 
that best meet system needs. 
Train team members in network 
protocols. Daily work with 
Windows NT and Novell net- 
works; Bindview, LDAP, NDS, 
PC/LAN, TCP/IP, IPX and 
Zenworks. Min. Reqt's: BS/BA 
(foreign equivalent accepted) in 
CS, MIS or related field of study 
plus 2 yrs exp. in job offered or 2 
yrs exp. in related occupation 
(i.e. Networking or Systems 
Analysis) MUST possess 
demonstrated expertise in the 
following: (1) Network Admin 
and implementation in Windows 
NT and Novell multi-protocol 
environments for large networks 
(100+users); (2) Project 
Management experience using 
Bindview network management 
software; (3) Documentation of 
network procedures and training 
materials; and (4) Using: LDAP, 
NDS, PC/LAN, TCP/IP, IPX and 
Zenworks. Basic pay is $44,000 
per year FT and standard com- 
pany benefits. EEO. Submit 2 
resumes and respond to Case 
No 2002-02287 Labor 
Exchange Office, 19 Staniford 
Street, ist Floor, Boston, MA 
02114 


IT PROFESSIONAL 
www.maximaconsulting.com has 
immediate openings for Software 
Engineers and Analyst/Program- 
mers for assignments in Boston 
North East with the following skills 


INTERNET COMPUTING 
JAVA Design & Architecture 
JAVA/SWING/EJB's 
ACTUATE/eTOOLS 
ASP.NET 

QA TESTERS 
PM/Business Analysts 
CLIENT/SERVER 
UNIX/C++/PERL/SQL 
Oracle Financials 
Oracle/Sybase DBA's 

UNIX Admin./NT Admin 
VC++/VB/COM/DCOM 
Data Warehouse Specialists 


Maxima Consuiting, Inc. 
27 Water Street 
Wakefield, MA 01880-3038 


Cart 
(781) 246-9500 


GIS DATA ADMINISTRATOR: 
Coordinate physical changes to 
computer data bases; and codes 
tests, and implements physical 
data base, applying knowledge of 
data base management system; 
Design logical and physical data 
bases as well as maintain, man- 
age and update land base layers 
including all editing, archiving and 
SDE maintenance by using the 
following computer languages 
and software: Java Script, Oracle 
7.x/8.x, IBM unix environment 
internet Application Develop- 
ment, Visual Basic, C, C++ and 
GIS. Job is in Juno Beach 
40hrs/wk, 8:30am-5:00pm/ M-F. 
must have 2 yrs. Exp. in job 
offered or 2 yrs in related occupa- 
tion (Software Analyst); Please 
send resume to SUI TECHNOLO- 
GY, INC. at 3201 W. Griffin Rd. 
Ste#203, Dania, Fi. 33312 
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Medical System Engineer: Drive 
international medical customer 
needs into detailed product design 
and implementation plans as well 
as provide system-level support 
during the development phase. 
Work with international customers, 
applications engineers and soft- 
ware engineers during the devel- 
opment stage to break down pro- 
gram requirements into a medical 
imaging system definition. Define 
Project requirements with the engi- 
neering organization and program 
Management in order to create an 
overall engineering plan, and vali- 
date this solution with customers. 
Work with hardware and software 
architects to analyze the use of 
new technologies and architec- 
tures to converge onto new sys- 
tems solutions for the traditional 
and new market opportunities in 
medical imaging applications such 
as MRI, CT, Digital X-ray and 
Ultrasound. Requirements include 
a Master's degree or equivalent in 
Computer Science, an Engineer- 
ing discipline or closely related 
field and two years of work experi- 
ence in the job offered or related 
field of medical imaging system 
engineering. Applicants must have 
unrestricted authorization to work 
in the United States. Salary 
$75,899/year. 40 hours/wk. Res- 
pond with two copies of resume to 
Case #200201917, Labor Ex- 
change Office, 19 Staniford St., 1st 
Fi., Boston,MA 02114 


Web Developer for Miami to 
develop software for per- 
sonal financial planning and 
life insurances especially 
for the Dutch market using 
online version, desktop with 
online technology using 
XML and XSL, MSMQ and 
BIZTALK. Full time position 
M-F pays market level 
salary. Applicants with 5 yrs 
related exp send resumes 
only to Human Resources, 
Sungard, 2000 S. Dixie 
Hwy, Miami, FL 33133 


Software Engineers with 
extensive design, develop- 
ment, maintenance and sup- 
port experience for complex 
software systems to work in 
our Anchorage, AK office 
Advanced level computer 
skills a must. Send resume to 
SAIC, 1049 w. 5!) Ave., 
Anchorage, AK 99501, Attn: 
H.R., Req#SWE, or on-line 
to ETSG.ALASKA@saic.com 
with Req#SWE in subject line. 
EOE 


Navision Developer: Develop/pro- 
gram customizations in Microsoft 
Navision Financial package; design 
& document user specified solu- 
tions; create system & end user uti- 
lization reports; manage data con- 
version (flat files, importation pro- 
grams, etc.); provide Navision 
AVISTA customer support; teach 
development classes; program 
installation & setup of client/server 
software on Navision server & SQL 
server. Req. 4 yrs work exp in job 
offered or 4 yrs exp in related occu- 
pation as Developer or any suitable 
combo of edu., training, and/or 
work exp. Send resume to 
Compusystems of Georgia, Inc. 
3100 Breckinridge Bivd., Ste 725. 
Duluth, GA 30096 Ref BN 


Principal Dbase Administrator. Util- 
ize knowledge of a variety of corp. 
‘computing and dbase products & 
services to dev., implement, main- 
tain and test numerous dbase sys- 
tems utilized by co. Lead products 
& subprojects of significant tech 
complexity. Coordinate app. roll- 
outs, s/w upgrades, & data migra- 
tion. Also measure capacity and 
conduct workload & performance 
analysis & analyze highly complex 
tech sys problems. Responsible for 
providing dbase admin support for 
Corp and Commercial markets 
apps. Utilize high-level expertise in 
MS SQL Server & Sybase ASE & 
Replication Server, high-level com- 
petence in AIX and Windows 2000 
dbase des., SQL access path an- 
alysis and tuning, dbase perf. tun- 
ing, and backup/recovery. Depict 
highly complex ideas, issues and 
designs to varied audiences & com- 
municate project objectives, scope 
& direction across project teams 
identify analyze and resolve prob- 
lems that occur within midrange 
distributed processing architec- 
tures and provide emergency off- 
shift support & occasional weekend 
implementations. Emergency off 
hours support and some weekends 
in addition to f-t sched. may be nec. 
at times. 


Bach in CS, Eng, or related (or 
equiv) + 5 yrs exp utilizing AIX tools 
& utilities and shell scripting req'd 
At least 3 of 5 yrs must incl exp w/ 
Sybase, and SOL Server. $85,000/ 
year full time. 


Applicants should direct two (2) 
resumes to: Job Order # 2003-194 
PO Box 989 Concord, NH 03302- 
0989 


System Administrator reqd for 
Imp/Exp & seller of foreign 
goods in NYC Admin 
win/servers & app. s/ware & 
monitor servers & LAN to ana- 
lyze/resolve support related 
issues, maintain systems report- 
ing for performance optimization 
& upgrades; maintain, dev. & 
update d/base on SQL Server 
2000 envrmt; maintain & per- 
form web server backup & 
recovery. Bach in Comp Sci & 1 
yr exp in field or 1 yr exp as IT 
Mgr reqd. 40hr/wk, 9a-5p. Send 
2 resumes to Hind Fashion, Inc, 
1220 Broadway, #800, NY, NY 
10001 


Saras has openings for IT pro- 
fessionals. BS/MS is must. Skills 
in SAP, Baan, Peoplesoft, 
Oracle Apps, Sybase, AS/400, 
VB, PB, JAVA, JavaScript, 
PERL, Cat, HTML, XML, C, 
C++, OOPS, Web logic & Lotus 
Notes preferred. Also want 
Marketing Executive. 
resume@sarasamerica.com 


Infogen is seeking IT profession- 
als. Req. BS. Skills in following 
area are plus Oracle9i, 
Weblogic / WebSphere, C++, 
Visual C++, VB, COM, STL, 
MTS, MSMQ, ASP, Java, HTML, 
XML, MTS, MSMQ, ADO, UML. 
Travel is required. Send resume 
to infojobs@infogeninc.com 


PROGRAMMER-ANALYSTS 
needed at client sites to analyze 
s/ware suitability, define d/bases 
& applic patterns & write reqmts 
for system architecture, dvip & 
integrate project & maintain & 
support project using 
Persistence, Visibroker, Purify & 
Quantify (Rational), Rational 
Rose, C++, Rogue Wave 
Libraries, Oracle, VC++, COM 
OLEDB for IP (internet 
Publishing), 11S, iMAN & 
iMAN/DAV portals. Apply to 
Hireme, Global Consultants, 25 
Airport Rd, Morristown, NJ 
07960 
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Senior Systems Analyst (Chicago, 
IL) - Senior OO developer with 
experience in OO technologies to 
play a key role in the design, cod- 
ing, implementation and supportof 
pharmacy operations applications 
and initiatives. Will be responsible 
for the design, coding and imple- 
mentation of complex modules in 
JAVA, JAVA script and HTML for a 
system requiring quick perfor- 
mance and throughput. Will utilize 
Websphere to tune and debug 3- 
tier architecture applications to opti 
mize performance. Will lead team 
members in applying new technolo- 
gy. Must have a B.S. or equiv. in 
Comp. Sci., Management Info. 
Sys., Eng.or related field and 5 yrs 
of exp. in the job offered or 5 yrs of 
exp. in a position involving full life- 
cycle business software develop- 
ment. Exp. gained may have been 
obtained concurrently and must 
include: (i) 2 yrs exp. in OO JAVA 
analysis, design and development; 
(ii) 2 yrs exp. each in VisualAge 
JAVA, JAVA Script, SQL and UNIX; 
(iii) proficiency in Websphere and 
its relation to 3-tier architecture 
systems; (iv) 2 yrs exp. designing, 
coding, testing and implementing 
complicated modules as part of a 
high volume transaction systems 
with proficiency in tuning systems 
to achieve maximum performance; 
and (v) 1 yr exp. leading team 
members in applying new technolo- 
gy. Must have proof of legal author- 
ity to work in the U.S. Submit 
resume to C. Hsien (REF:SSA), 
Caremark Inc., 1000 Lakeside, 
Bannockbum, IL 60015. 


Software Engineer. 8a-5p. 40 
hrs/wk. Dsgn, dvip, impimt & 
coord integration of s/ware 
systms applying knowl of com- 
munications, network mgmt, 
parallel processing, comp systm 
architecture, comp graphics & 
systm s/ware. Masters or equiv 
in Comp Sci, Info Systms, 
Electrical, Electronics or related 
field of Engg reqd. In lieu of 
Masters, Bach in specified 
majors & 5 yrs of progressive 
work exp as comp profil 
wiabove skills accepted. Res- 
ume to: Allied Informatics, Inc, 
6525 The Corners Parkway, Ste: 
110, Norcross, GA 30092 


Seeking qualified applicants for the 
following positions in Memphis/ 
Collierville, TN r 
Application Analyst. Act as liaison 
between technical developers and 
users/customers. Requirements 
Bachelor's degree* in computer 
science, math, statistics, business 
administration or related field plus 5 
years of experience in analyzing 
business systems and developing 
technical automated solutions. Ex- 
perience with Java; application ser- 
ver (either WebLogic, WebSphere 
or JRUN); and UNIX also required. 
“Master's degree in appropriate 
field will offset 2 years of general 
experience. Submit resumes to Sibi 

FedEx Corporate 

1900 Summit Tower 
Bivd., Suite 1400, Orlando, FL 
32810. EOE M/F/D/V. 


Software Engineers needed by 
Alpharetta based IT Co - Bachelors 
degree with 1-2 years of experi- 
ence in job. Exp in Skill sets incl 
Java, JSP, Serviets, JDBC, XML, 
TIBCO, UML, Unix, NT, VB, ASP, 
C#, .Net, Business Objects, Crystal 
Reports, Oracle, SQL Server, Java- 
Script, XML, C, C++, AS/400, CO- 
BOL, DB2, CICS, JCL, MVS, 
VSAM, Embeded/Firmware, Cold- 
fusion, Perl, PHP, Network Admin- 
istration. Rational Clearcase Ad- 
ministration, Netscape proxy serv- 
er, Microsoft Exchange Server 
Administration, MQSeries, WEB 
Methods, Vitria, SAP, Peoplesoft, 
Lotus Domino Server Administra- 
FREQUENT TRAVEL RE- 
resumes to 
jobs0603@anisi.com. 
Ref: Ad#3308. 


Software Developer 


Duties: Responsibilities include the 
design, development, and support 
of several applications, including 
interfaces with the Marketing 
Systems Intranet, desktop applica- 
tions, and the enhancement of 
existing systems. Additionally, the 
incumbent will utilize cutting edge 
technologies in enterprise-level 
development tools; work on plat- 
forms that include NT Server clus- 
tering technology; and develop 
client/server database applications 
and database driven web sites and 
applications 


Requirements: Bachelor's Degree 
in Computer Science, related disci- 
pline, or technical training and a 
minimum of three years related 
technical experience required. Ex- 
perience developing complex 
Windows NT GUI database and 
Web applications using Power- 
Builder, Visual Basic, MS Visual 
interDev, DHTML, SQL Server, and 
UNIX also required. Incumbent 
must also have project manage- 
ment experience and a detailed 
understanding of application soft- 
ware and Systems Design Method- 
ology w/ability to transfer this know- 
ledge in the form of new technical 
directives and initiatives. 


Please forward your resume and 
cover letter referencing Job Order 
#37277 for a Software Developer 
to: 


Bureau of Labor Standards 
45 State House Station 
Augusta, Maine 04333-0045 


Database Administrator 
wanted by medical 
group in Monterey Park, 
CA. to design, imple- 
ment and maintain data- 
base on network. 3 
years experience req- 
uired. Send resume to 
Andrew S.O. Sun, M.D., 
Inc. at 929 S. Atlantic’ 
Blvd, Monterey Park, 
CA 91754. 


Gimme the Best LLC (Houston, 
TX) is seeking a Computer 
Programmer. 1 yr. exp. using 
MASM, SQL ReportWriter/Menu 
and Objective-C. Send resume to’ 
6601 Stillwell, Houston, TX 77087 
or jobs@gimmethebest.com 
Attn: Jill 


F.S. Construction is seeking an 
Industrial Engineering Program- 
mer. 6 mon. exp. in SAP R/3 
Enterprise, Primevera Project 
Planner V3.0, and MS Project. 
Mail resume to 19 Briar Hollow 
Ln, # 270, Houston, TX 77027 
Attn: Mike Poona, or email 
mpoona@fsdesignbuild.com 


Programmer Analyst needed to 
research/design/develop computer 
software systems, applying princi- 
ples and techniques of computer, 
science, engineering, science, and 
mathematical analysis, using Cobol 
ll, MVS, TSO/ISPF software. Must 
have Bachelor's Degree in Engin- 
eering, Science or Computer Sci- 
ence and two years of prior work 
experience in the job offered or as 
a Programmer. Must also have two: 
years of experience using Cobol Ii, 
MVS and TSO/ISPF software 
$64,378.08 per year. 40 hrs/wk 
8am-5pm. Send resumes to 
MDCD/ESA, P.O. BOX 11170 
Detroit, Mi 48202-1170. Ref. No. 
210054. ‘Employer Paid Ad’ 


Computerworld + InfoWorld +» Network World + June 16, 2003 


Senior Consultant & Quality 
Assurance Specialist 


170 Systems, Inc. provides ad- 
vanced, Web-deployed solutions 
that enable e-businesses to cap- 
ture and manage all of their infor- 
mation online, collaborate and 
optimize intra-company and B2B 
transactions. Through content 
management, document imaging 
and workflow products and ser- 
vices, we help companies and 
government agencies to integrate 
their information across their 
enterprise applications. We man- 
age major implementations for 
Global 1000 companies in more 
than 40 countries. 


170 Systems seeks top-notch, tal- 
ented individuals to join the 170 
Systems team. 170 Systems is a 
dynamic, fast-paced organization| 
with a commitment to excellence 
in everything that we do. If you are 
looking for a challenging position 
as a Senior Consultant, a 
Quality Assurance Specialist, or 
a similar position in a growing) 
leading-edge software company, 
then please visit the Careers sec- 
tion at www,.170systems.com to 
apply. 170 Systems is an equal 
opportunity employer. 


var 


managers 


than any 


the world. 
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1A Foundation for Medical Care 
has multiple Programmer III job 
openings for which we need to 
hire expd prgmrs. Candidates 
must have bach & at least 4 yrs 
exp in prgmg or equiv. Req skills 
incl: Java, C, C++, SQL, J2EE 
Serviets, JSP, Java Beans 
JDBC, XML, XSLT, multi-thread- 
ed Java application dvipmt 
Oracle. Exp prgmg, impimtg & 
testing web-based applics on 
Unix & Win NT/Win2K. Some 
job openings also req Java 2 
Platform Sun Certification, exp 
impimtg content mgmt systms to 
websites, &/or demonstrated 
proficiency with Eclipse 
NetBeans Java, IBM VisualAge. 
1BM WebSphere, Junit, Swing. 
Apache Jboss, Tomcat 
Rational Rose. Send resume to 
Anne Dennis, 4725 121st St, 
Des Moines, IA 50323-2316 


IT co in Philadelphia, PA with 
multiple openings seeks Sftwre 
Enggs/Prog Anylsts w/foll skill 
sets: 

1. C, C++, VB, Dev 2000 
Oracle, SQL, Javascript & 
Crystal Rprts. (Job Code NEA). 
2. Oracle, SQL, PL/SQL, Dev 
2000, VB, VBScript, JavaScript 
CGI & Rational Rose (Job 
Code OJR) 

3. Oracle, Dev 2000, Desgnr 
2000, Java, SQL” Loader, VB 
Unix ShellScripts & HTML (Job 
Code UVS) 

Req Bach/Masters or equiv in 
Comp Sci, Engg, Tech, Sci or 
equiv & min 1-3 yrs exp. Send 
resume to Edge Technologies 
Inc., 1822 Spring Garden Street 
Philadelphia, PA 19130. fax 
973 331 9390 

e-mail: nat@edgtek.com 


Seeking qualified applicants for the 
following positions in Memphis 
Collierville, TN: Senior Programmer 
Analyst. Formulate/define function- 
al requirements and documentation 
based on accepted user criteria 
Requirements: Bachelor's degree* 
in computer science, MIS, engineer 
ing or related field plus 5 years of 
experience in systems/applications 
development. Experience with eith. 
er Java, JSP, EJB or J2EE; and writ- 
ing applications that interface with 
relational databases (either Oracle. 
Sybase, SQL Server or Teradata) 
also required. “Master's degree in 
appropriate field will offset 2 years 
of general experience. Submit 
resumes to Sibi George, FedEx 
Corporate Services, 1900 Summit 
Tower Bivd., Suite 1400, Oriando 
FL 32810. EOE M/F/D/V. 


Computers - Senior Software 
Professionals needed 
Seeking qual. candidates 
possessing Bachelor's in CS, 
1S or equiv. and/or rel. work 
exp. Part of the req. rel. exp 
must include 2 yrs. working 
with SQL Server, Visual 
Studio & Rational Rose. Two 
years exp. in public health 
service preferred. Must be 
willing to travel & relocate as 
req'd. Fwd. resume & ref. to 
Cal2Cal Corp., Attn: HR 
2182 DuPont Dr., #213 
Irvine, CA 92612 


Programmer Analysts 
(multiple positions) 
sought by Edison, NJ- 
based s/ware consultancy 
firm. Must have Bach or 
equiv in Comp Sci & 3 yr 
s/ware exp. Respond to 
AK Systems, Inc, 100 
Metroplex Drive, Suite 
303, Edison, NJ 08817 or 
http://www.aksystems- 
inc.com/joinnow.htm. 
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Senior Software Engineer-Piatform 
Services: Lead and participate in 
the specification, design, develop- 
ment and support of company 
Product including the overall archi- 
tecture, component interfaces and 
communication schemes, client 
and server-side programs written 
in Java and C++, Jave and C++ 
based product APIs, and Oracle 
SQL Server and LDAP database 
schemas. Assist with development 
of project plans and schedules. 
Follow rigorous software engineer- 
ing standards including developing 
product requirements, functional 
and design specifications and 
adhering to coding standards 
Create new tools and procedures 
to enhance the development 
process. Lead efforts to identify 
and resolve any product perfor- 
mance issues. Mentor junior engi- 
neers. Requirements include a 
Bachelor's degree or equivalent in 
Computer Science, an Engineer- 
ing discipline or closely related 
field and four years of work experi- 
ence in the job offered or related 
field of development of large-scale. 
high-performance systems and 
network management systems 
and protocols using Java and C++ 
Applicants must have unrestricted 
authorization to work in the United 
States. Salary $92,833/year. 40 
hours/wk. Respond with two 
copies of resume to Case 
#200201884, Labor Exchange 
Office, 19 Staniford St.,ist Fi 
Boston, MA 02114 


Programmer/Analyst - Handheid 
Devices (Atlanta, GA) interpret 
reqmts of Handheld Project 
Team & translate into dsgn doc- 
umentation and/or coded solu- 
tions. Conduct testing of hand- 
held systems. Maintain & 
enhance components of hand- 
held, desktop, & AS400 systms 
Provide tech assistance to team 
members & end users. Other 
duties as reqd. BS in Comp Sci 
or Engg (or foreign equiv.) & at 
least 3 yrs of handheld systms 
prgmg & dvipmt exp. Applicant 
must have extensive exp (at 
least 1.5 yrs) working w/.NET 
Compact Framework, Windows 
CE, C++, & VB. $60K. Submit 
resumes to: K. Bunkley, Rollins 
Inc., 2170 Piedmont Rd, NE 
Atlanta, GA 30324 


Computer Progr. for full life- 
cycle applic. dev. & maint. for 
CDC's STD Curriculum websites 
in Training/ Health comm 
Develop user mgmt. system for 
website. Develop curriculum 
portal using ASP 3.0, MS SQL 
Server 2000, HTML 4.0 
DHTML, Style Sheets (CSS) 
VBScript 5.0, and JavaScript 
1.2. Develop US § 508 com- 
plaint web pages and support 
downloading of document in MS 
Word, MS PowerPoint, Acrobat 
pdf using Bobby Worldwide 5.0. 
Requires Bachelor's degree in 
Comp. Science or Equivalent + 
2 yrs. exp. in job duties. In lieu 
of Bachelor's degree will accept 
candidates with 5 years of IT 
exp. Comp. salary. Apply: BCA, 
2180 Satellite Bivd., #325 
Duluth, GA 30097 with proof of 
permanent work authorization in 
the United States 


Programmer, Gainesville, 
FL - Design, engineer 
and test computer pro- 
grams and systems for 
information technology 
company. BS in Com- 
puter Science. Salary 
commensurate with exp. 
40 hrs/wk, 8 AM — 5 PM, 
M — F. Mail resume to: 
Info Tech, Inc., 5700 SW 
34th Street, Suite 1235, 
Gainesville, FL 32608. 
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OUR PEOPLE MAKE THE 
DITTEPENCE waeemar’r secs 


We’re Looking for the Future Leaders of Tomorrow 


Wal-Mart Stores, Inc. has been recognized by 
Fortune Magazine as one of the most admired compa- 
nies in the world. As our company continues to 
expand, so does the opportunity for first-class, talent- 
ed people to guide the future of one of the most suc- 
cessful and 
innovative growth companies in the world. 

Put your career on a fast climb and help us continue to 
set the industry standard in information technology. 


* UNIX - C, C++, Administration, Engineering, 
Informix DBAs 
+ NT Workstation - VB,VC++, Java, ASP, XML 


« IBM Mainframe - COBOL, CICS, DB2 and 


IMS DBAs 


+ Networking - Ethernet, VSAT, Frame 


Relay, ATM 


+ Telecommunications 


WalMart Is An Equal Opportunity Employer. 4/F/D/V 
*2000 WalMart Stores, inc. 


Software 
Data Conversion Specialist 


Data Conversion Specialist, 40- 
hr wk, 9AM-5PM. Associates or 
foreign degree equiv in comput- 
er science + 2 years in job 
offered or 2 yrs as Systems 
Analyst. Provide technical skills 
to ensure a successful, quick 
and accurate conversion of data 
from all systems; provide input 
to the detailed implementation 
project plan; provide a channel 
of communication with imple- 
mentation and support to repre- 
sentatives; keep specifications 
current throughout the projects; 
work with client representatives 
to determine specifications for 
data mappings including analyz- 
ing source data, writing SQL 
queries; dev >, test and imple- 
ment automated data conver- 
sion routine including programs 
for extraction, transformation 
and loading of data to the new 
database using Visual Basic and 
SQL or FoxPro. Submit resume 
to: jobs@campusmgmt.com or 
Joe Bozza, HR _ Director 
Campus Management Corp 
777 Yamato Rd, #400, Boca 
Raton, FL 33431 


Programmer Anaiyst, 40-hr wk 
8 - 4PM, Bachelor's or foreign 
degree equiv. in Computer 
Science or Computer Engg. or 
Electrical Engg.+ 2 yrs exp. in 
job offered or 2 years as 
Systems Analyst. Analyze 
review and rewrite programs: 
prepare records and reports; 
consult with staff and users 
identify operating procedure 
problems; formulate and review 
plans regarding steps required 
to develop programs; devise 
flow charts and diagrams; mod- 
ify programs. Resume to 
Cianna-Andrea Corp., 4210 NW 
4 St., Miami, FL 33126. 


DATABASE ADMINISTRATOR 
DBA is responsible for adrninis- 
tration and control of depart- 
ments data resources, including 
RDMS, and for providing com- 
plete DBA support and adminis- 
tration for Production, Pre- 
Production and Development 
Servers. Duties include: utilizing 
data dictionary SW to ensure 
data integrity, security, and to 
eliminate data redundancy; pro- 
vide technical design and data 
modeling; coding procedures 
and triggers; licensing issues 
maintain SW tools and applica- 
tions; conduct tuning; maintain 
an enterprise wide data reposi- 
tory; secure and maintain all cur- 
rent and future applications to 
ensure recoverability; provide 
end users with training and 
answers for technical issues 
create documentation for data- 
base applications, and migrate 
databases to different storage 
and operating platforms. Daily 
work with: Sybase 11.5.1, HP 
UX 11, Solaris 2.7, Oracle 
WinNT, SQL and UNIX scripts. 
Must be available 24x7 for beep- 
er customer support calls. Min 
Regqts: BS/BA (foreign equiva- 
lent accepted) in CS, MIS or 
related field of study plus 2 yrs 
exp. in job offered or 2 yrs exp. 
in related occupation (i.e 
System Analyst or 
Developer or related) 
possess demonstrated expertise 
with: (1) Database support and 
administration for Production, 
Pre-Production and Develop- 
ment Servers; (2) Database 
development in Sybase 11.5.1 
HP UX 11, Solaris 2.7, Oracle. 
and WinNT environments; and 
(3) programming in SQL and 
Unix Scripts. Basic pay is 
$58,000 per year FT and stan- 
dard company benefits. EEO. 
Submit 2 resumes and respond 
to Case No. 2002-02286, Labor 
Exchange Office, 19 Staniford 
Street, 1st Floor, Boston, MA 
02114 


Ready to do it all? Candidates interested in joining 
our team should forward a resume to: 


Wal-Mart Information Systems Division 


Attn: Recruiting Department 


805 Moberly Lane M41 


Bentonville, AR 72716-0560 


Fax: (479) 277-4227 


E-mail: ISDADS@wal-mart.com 


For more information, call toll-free: 


1-888-JOBS-ISD or visit our 


Web site at: 


www.walmartstores.com 


Manhattan Associa Inc., a 
worldwide leader in supply chain 
execution systems is looking for 
IT professionals to join our team 
at our Atlanta, GA, Burlington 
MA, and Mishawaka, IN loca 
tions. Operations Research 
Analyst. Analyze complex 
mgmt info req. for transporta 
tion/logistics optimization-based 
decision support sys; incorpo- 
rate math & computer models & 
other analyticai approaches to 
deliver research based aigorith 
mic/ heuristic solutions for re- 
engineering into production- 
ready engines & incorp into 
existing software apps. Req 
PhD in operational research 
transportation or logistics & doc- 
umented research in transporta- 
tion or logistics optimization 
implementation Consultants. 
Consultants & specialists will 
coordinate client projects & 
interact with client org, evaluate 
client bus ops & sys environ- 
ments to implement client pro- 
prietary software sys, advise & 
design sys test plans, develop 
test & product environ at client 
sites, & develop proposals & 
supports for sales presentations 
Req: BS in comp. sci, engg, or 
related tech. field (some req 
MS). Substantial travel req 
Quality Assurance Analysts. 
Assist in design & develop of 
software test procedures, plans 
& automated scripts using J++ 
and IBM Rational Robot to auto- 
mate software testing. Prepare 
test recommends & doc. proce- 
dures for product design thru 
production. Evaluate test equip 
used to perform quality checks. 
Document defects & assist with 
repairs. Maintain defect tracking 
system. Req. BS in comp. sci 
engg, or related tech. field. 
Resumes to J 
Manhattan Associates 

Windy Ridge Pkwy, 7th FI 
Atlanta, GA 30339 
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NETWORK PLANNING ANA- 
LYST LEAD: Duties include 
Responsible for network needs 
assessment and for architecture 
design and f strategic 
high perform twork solu- 


gh-speed swit 

works, PKI/SSL, and least privi 
lege best practice. Pr 
senior level technical leadership 
in solutions design and im 
mentation across the organ 
tion, working wi th mpl 
mentation an roduction sup- 
po ams. Will assess the 

t on issues such as scaia- 
bility, maintainability, reliability 
extensibility and usability for 
planning and designing high 
level network system architec- 
ture. Implement authorization 
authentication and access con- 
trol procedures. Daily work with 
Siteminder, NOS design, Novell 
Netware, Windows NT and 20001 
security procedures. Min Reqs. 
BS/BA (foreign equivalent 
accepted) in CS, MIS, or related 
fieid of study plus 2 yrs exp. in 
job offered or 2 yrs exp. in a 
related occupation (i.e. System 
or Network Support/Analysis) 
OR IN ALTERNATIVE 4 yrs 
exp. in job offered or related 
occupation in lieu of BA/BS plus 
2 years exp. MUST possess 
demonstrated expertise in the 
following: (1) Network modeling. 
architecture, and NOS design 
(2) Security procedures for 
Novell Netware, Windows NT 
Server, and Windows 2000; and 
(3) IP, Wan, Internet or internet- 
working. Basic pay is $58,000 
per year FT and standard com- 
pany benefits. EEO. Submit 2 
resumes and respond to Case 
No. 2002-02299 Labor 
Exchange Office, 19 Staniford 
Street, ist Floor, Boston, MA 
02114 





COMPUTER/IT 


Sr. Project Mgr, Ntwrk Svcs 
Hauppauge, NY. Assist US & 
South African dvipmt teams to’ 
dvip & implement Primer Servic- 
es. Consult w/ US & S. African 
clits. & document proposed tech 
sol'n (eqpmt, svcs. & resources 
needed). Participate in RFP, 
RFQ or sales cycle for cit. svcs. 
& high tech sis. in U.S. & Africa 
Create a needs analysis (at 
times w/ Systems Eng'rs), sol'n 
design, create work & project 
plan stmt, & participation, when 
req'd in pre-sales presentations 
Coord. & manage in-house & on- 
site resources for projects. Train 
new Project Mgrs. & other mem- 
bers. Participate in resource allo 
cation & planning mtgs. w/ mgmt 
REQUIRES: Bach's degree (or 
equiv) in any field plus 1.5 yrs. 
exp. in job offd or as Project Mgr. 
Exp., which may have been ob- 
tained concurrently, must incid 
1.5 yrs. exp. design & implement 
Premier Services 


Sr. Consuitant. Reston, VA 
Determine, recommend, plan 
layout & install comp. hdwr & 
sftwr sys. & eapmt for max. effi- 
ciency. Dvip info mgmt sys. & 
components. Dvip & design 
graphical user interface & sftwr 
applics. using Visual Basic 
Sheridan Data Widgets, Crystal 
Rprts, MSMQ, ADO, .NET, OOP, 
SQL, XML & ASP. Write tech 
descript. of user needs, applics 
& prog. f(x). REQUIRES: M.S 
(or foreign equiv) in Comp Sci or 
Elect Engr plus 2 yrs exp in job 
offd or as Sftwr Engr. Exp., which 
may have been obtained concur- 
rently, must incid. 2 yrs exp utiliz- 
ing Visual Basic6, Crystal 
Reports7, ASP, ADO, & RDBMS 


Qualified applic., mail resume 
wiad to D.Schofield, Dimension 
Data, Inc, 1 Newbury St 
Framingham, MA 01701 


Cedar Rapids. IA - Computer Pro: 
grammer - Convert project specifi 
cations and statements of problems 
and procedures to detailed logical 
flow charts for coding into computer 
language. Develop and write com 
puter programs to store, locate, and 
retrieve specific documents, data 
and information. Work on software 
development projects for clients: 
customers. Projects involve devel 
opment of new computer applica- 
tions or systems, enhancement to 
existing computer applications/pro: 
grams or conversion of older main 
frame systems/programs to new 
Windows based systems/programs: 
applications. Must have Bachelor's: 
1 electronics engineering or com 
puter science and 5 years exper 
ence as a computer professional 
Must be a Microsoft Certified Pro 
duct Specialist in Database Design 
and Implementation using SQL Ser 
ver 7.0. Experience must include 2 
years with Windows, Windows NT, 
RDBMS, C++, SQL and SQL server. 
Must have experience in developing 
systems with business and finance 
applications and experience in de 
sign, development and implementa- 
tion of software from customer re 
quirements. Position is 40 hours: 
week from 8 to 5, w/ salary $70,000/ 
year. Must have proof of legal auth- 
ority to work in the U.S. Submit res- 
ume to lowa Workforce Center, 800 
7 St, SE, Cedar Rapids, lowa 
52406-0729. Refer to Job Order No 
1101758. Employer paid advertise. 
ment 


International Programming & Sys- 
tems, Inc. has employment oppor- 
tunities for Systems Analysts with 
any of the following skills: SAPI- 
ENS; TERADATA; VB. Develop- 
ers exp. in WIRELESS/802.X 
STRATUS, UNIX; UNIX Systems 
Admin and Network admin. Posi 
tions are available throughout the 
US inc. Hamilton & W. Trenton NJ. 
Philadelphia, PA. IPS also has 
openings for Sales and Recruiting 
staff in our San Francisco office 
Electronic responses are encour- 
aged, cflavell@ipsamerica.com or 
mail resume to IPS, 1875 So 
Grant Street, #300, San Mateo 
CA 94402 (Fax) 650-572-8679 
Principals only please 
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imaging Software Engineer. 
Develop and maintain business 
specific implementation of pur- 
chased document technology 
applications using ActionPoint 
scripting language; develop 
reusable program modules 
(COM objects) for business 
application integration; maintain 
DocuPACT source code devel- 
oped in object oriented technolo- 
gy; create and maintain WEB 
interface for DocuPACT based 
on XML; provide solutions to 
DocuPACT user problems, use 
MS SQL to extract data into doc- 
ument repository; incorporate 
document technologies into 
Strategic design and architecture 
of Enterprise Application Int- 
egration solutions; and collect 
define, publish, and adopt enter- 
prise wide standards for unstruc- 
tured data repository/ storage 
metadata and style sheets defin- 
itions, and systems security and 
access. Minimum requirements. 
Bachelor's degree or equivalent 
in computer science or engineer- 
ing plus two years experience. 
Prior experience must include 
two years of C++ and one year in 
web development and imaging 
systems or document manage- 
ment systems using XML/HTML. 
Java, and DocuPact. Compe 
titive salary. Hours: 8 am - 5 pm. 
M-F. *Must have indefinite right 
to work in US. Send resume 
demonstrating minimum require- 
ments to: Tipton Bradford, c/o 
ChoicePoint AVP-Human 
Resources 1000 Alderman 
Drive, 70-A, Alpharetta, GA 
30005. 


Cedar Rapids, IA and various loca- 
tions in U.S. P Programmer 
Convert project specifications and 
statements of problems and proce- 
dures to detailed logical flow charts 
for coding into computer language 
Develop and write computer pro- 
grams to store, locate, and retrieve 
specific documents, data and infor- 
mation. Design and write programs 
in SAP R/3. Invoived with develop- 
ment of SAP R/3 system. Work with 
ABAP/4 in SAP R/3. Must have 
Bachelor's in computer science 
and 2 years experience as a com- 
puter professional Will accept 
Associate's plus 6 years work 
experience in lieu of Bachelor's. 
Must have SAP R/3 4.x F1 Module 
Certification and SAP R/3 3/x 
ABAP/4 Developer Certification 
Must have experience in Develop 
ment Work Bench, Screen Painter. 
Menu Painter, Interactive Report 
Module poo! programming, Modifi- 
cation, SAP Script (Smart Form). 
User-Exit, BDC Programming, Data 
Transfer, RFC Programming, Run- 
time Analysis, Data Dictionary 
Position is 40 hours/week from 8 to 
5 wisalary $59,635/yr. Must have 
proof of legal authority to work in 
the U.S. Submit resume to lowa 
Workforce Center, 800 7!" st, SE 
Cedar Rapids, lowa 52406-0729. 
Refer to Job Order No. 1101761 
Empioyer paid advertisement 


Software Professionals 
and Managers 

Majesco Software, Inc., a lead- 
ing IT consulting firm with U.S 
headquarters in Irving, TX, is 
looking for qualified IT 
Professionals and IT Business 
Development Directors. 
For IT positions, we need expe- 
rienced Software Engineers/ 
Programmer Analysts/Systems 
Analysts with the foliowing skill 
areas: Siebel Scopus/Vantave/ 
Clarify/Silknet/Java/ASP/EJB/ 
Power Builder/Visual Basic/ 
VC++/SQL-Server/Oracle/ 
Ingress/Informix 
ideal candidates for IT Business 
Development Director positions 
will have technical background. 
ie Bachelor's degree in 
Engineering, Computer Science, 
Electronics or related field, and 
IT business development/man- 
agerial experience 
Positions may require relocation 
to various job sites throughout 
the United States. Qualified 
applicants send resumes to: HR 
Manager, Majesco Software 
Inc., 222 W. Las Colinas Bivd., 
Irving, TX 75039. 


Sr. Computer Systems Analyst 
wanted to work in Rochester Hills 
MI to maintain business information 
systems operational at all times 
with scheduled downtime having a 
minimum impact on users; re- 
search and recommend state-of- 
the-art systems to replace or aug- 
ment current equipment or soft- 
ware; write new software utilities 
including reports to support users 
needs; provide consulting services. 
and training to computer users; and 
provide user and system documen- 
tation. Requires BS degree in En. 
gineering, Business or Computer 
Science; 2 years experience as a 
Systems Administrator; at least 1 
year of Oracle experience through 
coursework or employment experi 
ence; and at least one bachelor 
degree level course in each of the 
following: Program Logic Control 
lers; Robotics in Manufacturing 
Automated Manufacturing Syst- 
ems. 40 hours per week, overtime 
varies, 8:00 a.m. to 5:00 p.m 

$94,440 per year. Employer paid 
ad. Send resume to MDOCD/ESA 
P.O. Box 11170, Detroit, MI 48202 
1170, refer to Reference No 
210545, 


Sr. Consultant. Job location 
Hartford, CT. Duties: Perform 
database admin. & analysis 
design, data modeling, & trou- 
bleshooting tasks & testing activi- 
ties. Design & develop complex 
solutions from customer's busi- 
ness reqrmnts. Translate busi- 
ness/func. Reqrmnts. into code 
Implement system enhance. & 
changes from tech. reqrmnts. & 
specs. Develop, modify, test & 
deploy Oracle forms, reports 
PL/SQL stored procedures & 
complex SQL queries & views 
using Oracle. Perform Pro*- 
COBOL coding required to main 
tain & enhance existing product 
set. Requires: M.S. in Comp. Sci 
Eng. or a related field & 3 yrs 
exp. in the job offered or 3 yrs. 
exp. as a Database Admin. or 
Consultant. Concurrent exp. must 
incl. 3 yrs. exp. performing data 
base analysis & 3 yrs. exp. using 
Oracle. Send resume (no calls) 
to: Marcy Baldwin, CTG, inc., 3 
Neptune Dr Ste. Q17 
Poughkeepsie, NY 12601-5571 


Programmer/Analyst: Analyze 
design, develop, test, implement 
and maintain customized business 
software applications in a main- 
frame or midframe environment 
using AS/400 and RPG/400 tech- 
nologies. Will also provide in-depth 
trouble shooting and problem solv- 
ing as well as analysis, design. 
development and implementation 
assistance to AS/400 program- 
mers, system administrators, oper- 
ators and end users. Must have 
Bachelor's or equivalent in CS 
Math/Engineering or related. Must 
have 2 yrs exp. in job offered or in 
related business applications de- 
velopment using AS/400 and 
RPG/400. Must be willing to be 
assigned to unanticipated client 
sites throughout the United States 
Salary: $75,000/yr Hrs: 8:00am- 
5:00pm, 40/wk. Please send 2 
copies of resume to: Case # 
200202403, Labor Exchange 
Office, 19 Staniford St., 1 5! FI 
Boston, MA 02114 


Technical Project Mgr. Job location. 
Chicago, IL. Duties: Resp. for man- 
aging tech. teams for PeopleSoft 
Financials & HRMS modules. Cre- 
ate tech. design spec. docs using 
pre-defined business functions 
Manage & train resources to code 
Unix Sheli scripts & SQR (reports & 
interfaces), SQA Robot, Compon- 
ent Interface & PeopleCode & to 
use PGP & SSL Encryption. Create 
& manage projects using MS-Pro- 
ject. Manage tech. teams resp. for 
PeopleSoft Appi. Security & testing 
teams that perform func., integra- 
tion & user acceptance testing. Re- 
quires: B.S. in Comp. Sci., Eng. or 
a related field & 4 yrs. exp. in the 
job offered or 4 yrs. exp. as a De- 
veloper, Syst. Analyst, Director or 
Tech. Lead. Concurrent exp. must 
incl. 4 yrs. exp. coding UNIX Shell 
scripts & 1 yr. exp. managing re- 
sources to code using PeopleCode 
Send resume (no calls) to: Diane 
Tuccito, Answerthink, Inc., 817 W. 
Peachtree St., Ste. 800, Atlanta, 
GA 30308 


Laer bucterumeey eal 


SENIOR PROGRAMMER/ANA: 
LYST to analyze, design, devel- 
op, test and maintain applica- 
tion software using Oracle DBA 
PL/SQL, Oracle Forms/Reports, 
Oracle Forms Services, Oracle 
Reports Services. Oracle 
Designer, Pro*C, C++, Visual 
C++, UNIX Shell Scripting and 
Btrieve SQL Utility under SUN 
Solaris and UNIX operating sys- 
tems. Require: B.S. degree in 
Computer Science, an 
Engineering discipline, or a 
closely related field with 2 yrs. of 
exp. in the job offered or as a 
Systems Analyst. Competitive 
salary offered. Send resume to 
Donna F. Loop Spartech 
Corporation, 120 S. Central 
Ave., Ste. 1700, Clayton, MO 
63105; Att: Job NM. 


Computer Programmer. Job loca- 
tion: Middletown, NJ. Duties 
Assist w/develop. of network provi- 
sioning & automation software 
platforms in C++, Java, CORBA 
X-Windows, Oracle & UNIX envi- 
ron. Perform programming using 
Java, C/C++, JSP, Serviet, J2EE 
JDBC, SQL, PL/SQL & Oracle 
Design & develop JSP tag libraries 
& custom tags, JavaBeans, Serv- 
lets & JSPs. Debug system defects 
& malfunctions. Requires: B.S. (or 
foreign equiv.) in Comp. Sci., Eng 
or a related field & 2 yrs. exp. in the 
job offered or 2 yrs. exp. as a 
Developer, Software Eng., Prog/ 
Analyst or Prog. Concurrent exp 
must incl. 2 yrs. exp. designing & 
developing JSP tag libraries & cus- 
tom tags & 2 yrs. exp. using Java 
& C++. Send resume (no calls) to: 
Marcy Baldwin, CTG, Inc 

3 Neptune Dr., Ste. Q17 
Poughkeepsie, NY 12601-5571 


{SEQ CHAPTER \h \r 1} 
Programer/Analyst: Analyze 
design, develop, test, implement 
and maintain customized software 
applications in a client/server envi- 
ronment using Oracle, Unix and 
SQL technologies. May be used on 
multi-tier systems related to 
Internet/Intranet/E Commerce 
Must have BS or equivalent in 
CS/Math/Engineering or related 
Must have 2 yrs exp. in job offered 
Must be willing to be assigned to 
unanticipated client sites through- 
out the United States. Salary 
$69,359.94/yr Hrs: 8:00am- 
5:00pm, 40/wk. Please send 2 
copies of resume to: Case # 2002- 
02313, Labor Exchange Office 
Staniford St., 18 Fi., Boston 
02114 


‘SW Engineer - Under direct supervi 
sion of Sr. SW Eng., sw eng. will 
design & devip. software & sustain 
co.'s cutting edge telephony de 
vices. Develop & enhance service. 
ability tools & participate in design & 
code reviews. Will test & integrate 
telecom. products & provide critical 
bug fixes for customers. Will provide 
customer software enhancements & 
use programming/analytical skills to! 
provide services for debugging. BS 
in Comp. Eng., Comp. Sci., E.E. or 
equiv. + 2 yrs exp. in job offered or 
w/ sw devipmt. Must have knowl- 
edge in at least 1 of the following 
telecom. protocols, ISDN or SS7 
Cali Processing, ATM or TCP/ IP as 
well as strong coding skills in C. 40 
hrs/wk; Sal.: $85,000/yr. Send 2 
resumes to: Case #200201866. 
Labor Exchange Office, 19 Staniford 
St 1st Fi, Boston MA 02114 


{SEQ CHAPTER \h \r 1} Program- 
mer/Analyst: Analyze, design, de- 
velop, test, implement and main- 
tain customized software applica- 
tions using J2EE platform, Java 
and Cobra. May be used on multi- 
tier systems related to Internet/ 
Intranet/E Commerce. Must have 
Bachelor or equivalent in CS/Math/ 
Engineering or related. Must have 
2 years exp. in job offered or in 
Design, development and integra- 
tion of enterprise applications Such 
experience must include Java, Co- 
bra and J2EE technologies. Must 
be willing to be assigned to unan- 
ticipated client sites throughout the 
United States. Salary: $75,000/yr 
Hrs: 8:00a.m.-5:00p.m., 40/wk 
Please send 2 copies of resume to: 
Case No. 200202294, Labor Ex- 
change Office, 19 Staniford St., 1St 
Fl, Boston, MA 02114 
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VP SOFTWARE ENGINEER- 
ING to direct and coordinate 
activities of software engineer- 
ing department in the design 
and development of applications 
using object oriented methodol- 
ogy, UML, EJB, JSP, JMS, C++ 
PERL, ASP, Cold Fusion, MS 
SQL Server, Sybase, MS MQ 
Tibco RV, SOAP, TCP/IP, LDAP. 
JavaScript Shockwave 
Vignette Story Server 
Interwoven TeamSite and Tibco 
PortalBuilder; Review analyses 
of activities, costs, operations 
and forecast data to determine 
department progress toward 
stated goals and objectives 
Analyze technology trends, 
human resource needs, and 
market demand to plan recom- 
mend and manage organiza- 
tional and operational changes 
to enhance processes. Require 
B.S. in Computer Science, or a 
closely related field with 2 yrs. of 
exp. in the job offered or as a 
Software Engineer. Experience 
must include at least six months 
leading a software development 
team and being responsible for 
all project management activi- 
ties. Competitive salary offered 
Send resume to: Cheri Cannon, 
Macquarium. Inc., 1800 
Peachtree St., NW, Suite 250. 
Atlanta, GA 30309; Attn; Job 
SK 


Vice President, Central Services 
(Bohemia, NY) - Design, build, mar- 
ket & manage a portfolio of IT solu- 
tions for SITA’s multimillion dollar 
Airport and Desktop Services 
(ADS) business line. Manage 180 
staff and $20M budget. Prepare 
Engineering, Product Management 
& Product Marketing depts. for IPO 
Launch the next generation of 
Common Use” systems. Utilize 
exp. in managing air transport 
industry IT systems development. 
managing budgets of $20M+, lead- 
ing large organizations (100+ staff) 
and commercial management ex- 
pertise. BS & 8 years related exp. 
required. Send resumes to SITA 
susan farrell@sita.aero, or fax to 
(631) 563-3918. Equal Opportunity 
Employer. 


Looking for 
a new career: 
The new itcareers.com 
and CareerJournal.com 
combined jobs database 


can help you find one. 


Check us out at: 
www. itcareers.com 


You can finda 
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Continued from page 1 
Oracle Bid 


to potentially standardize its 
human resource operations on 
a single set of applications. 

“T believe it’s Oracle’s moti- 
vation to stall the market as 
long as possible,” Hill said at 
the annual conference 
of J.D. Edwards’ Quest 
user group here last 
week. Denver-based 
J.D. Edwards this 
month agreed to be acquired 
by Pleasanton, Calif.-based 
PeopleSoft, a deal that now 
could hinge on whether Oracle 
succeeds in its effort to buy 
PeopleSoft. 

Hill said Praxair runs appli- 
cations from all three vendors 
in its various business units, 
including Oracle financials 
and PeopleSoft human re- 
source and payroll systems. 
He added that if Oracle pre- 
vails in its takeover attempt, 
he would reconsider his Peo- 
pleSoft investment — even 
though Oracle CEO Larry Elli- 
son has promised free migra- 





tions to Oracle’s E-Business 
Suite lli software or Version 8 
of PeopleSoft’s applications. 

“It never happens that way,” 
Hill said. “Any ERP conversion 
is a highly costly and complex 
endeavor, and [the need to do 
one] would cause us to re- 
evaluate the marketplace.” 

Oracle, which formally 

launched a tender of- 

fer for PeopleSoft’s 

stock last week, has 

said it would continue 

to support People- 
Soft’s existing users and 
wouldn't force them to migrate 
to its own applications. But Or- 
acle doesn’t plan to actively 
sell PeopleSoft’s products to 
new customers and has indi- 
cated that it would reassess 
PeopleSoft’s agreement to buy 
J.D. Edwards. 

“We see only a potential 
downside of significant addi- 
tional costs,” said Bill Monroe, 
chief operating officer at the 
Texas Education Agency in 
Austin, which runs People- 
Soft’s financial management 
and CRM software. 

“Conversion to another sys- 





NEWS 


tem could cost over $2 million, | 
| plus database costs,” Monroe 

| said. He added that agency of- 
| ficials have yet to assess other 


factors that could result from 
a takeover by Oracle, such as 
the potential that software 


| projects will have to be de- 


layed or that future function- 
ality will be lost. 

Mark Federle, CIO at The 
Weitz Co., a Des Moines, Iowa- 


| based construction firm that 


runs hosted versions of J.D. 
Edwards’ OneWorld XE appli- 
cations, is considering an up- 
grade to Version 8 of the ERP 
software within the next year. 
That project wouldn’t be af- 


| fected by a merger of J.D. Ed- 
| wards with PeopleSoft, Feder- 


le said. But he added that if 
Oracle buys the two compa- 


| nies and then eliminates 


OneWorld XE functions that 
are specific to the construc- 
tion industry, he will stick 
with the J.D. Edwards applica- 
tions for as long as he can 
while looking for new soft- 
ware that meets his needs. 
PeopleSoft’s board last week 
voted unanimously to recom- 


Oracle Users See Benefits in Takeover 


PeopleSoft and J.D. Edwards 
users seem to be widely op- 
posed to Oracle's proposed buy- 
out bid, but the unsolicited offer 
is getting a better reception from 
IT managers who use Oracle’s 
applications. 


Several users said last week 
that they see potential benefits 
from having some of People- 
Soft’s technology embedded in 
Oracle’s E-Business Suite tli ap- 
plications. For example, Oracle 
Satie 


ty in New Haven, Conn. 
Melanie Bock, a San Francis- 
co-based Oracle consultant and 
a past OAUG president, said she 
also thinks an acquisition of Peo- 
pleSoft would be good for Oracle 
users in the long run. A combi- 
nation of the two companies 
would mean a broader base of 
customers, which would widen 
user networking opportunities 
and potentially attract a larger 
number of skilied consultants 
and staffers, Bock said. 
However, she added that Ora- 
cle initially would likely have to 
purge and merge operations, 
which could mean a loss of re- 


One Oracle user who doesn't 
like the proposed takeover is 
Frank Milano, CIO at Terracon 
Inc., an engineering consulting 
firm in Lenexa, Kan. Milano said 
there's no synergy between Peo- 
pieSoft and Oracle and that he 





mend that shareholders reject 
Oracle’s $5.1 billion offer, say- 
ing that the takeover “would 


undoubtedly face lengthy anti- 
| trust scrutiny” and has “asig- | 


nificant likelihood” of being 


| blocked by the government. 
Oracle and PeopleSoft are cur- | 
| rently the No. 2 and No.3 

| business application vendors, 


respectively, behind market 
leader SAP AG. 

PeopleSoft also claimed that 
the unsolicited offer underval- 
ues the company and was de- 
signed to disrupt its operations 
and sales momentum by creat- 
ing uncertainties for users. 

Meanwhile, J.D. Edwards 


| filed lawsuits in Colorado and 


California state courts charg- 
ing that Oracle had engaged in 
unfair business practices and 
illegally interfered with the 
planned merger of PeopleSoft 
and J.D. Edwards. “We will not 
sit by idly while Oracle pur- 
sues this arrogant, unlawful 
and destructive course of ac- 
tion,” J.D. Edwards CEO Bob 


Dutkowsky said in a statement. 


Oracle responded that the 


| —— ° 
| J.D. Edwards suits have “no 
| merit whatsoever.” It also as- 


serted that PeopleSoft has “put 
the self-interest of [its] man- 
agement over the best inter- 
ests of PeopleSoft sharehold- 


| ers” by rejecting Oracle’s offer. 


Several J.D. Edwards users 
at the Quest Global 2003 con- 
ference said they have yet to 
fully assess what a takeover of 
PeopleSoft by Oracle would 
mean to them. “I think the 
only thing to do is sit back and 
wait,” said Leah Hansen, appli- 
cations manager at CanWel 
Distribution Ltd., a building 
materials distributor in Van- 
couver, British Columbia. “We 
don’t know what's going to 
happen.” D 


BUSINESS AS USUAL 


At Quest: J.D. Edwards outlines a series of 
enhancements to its applications: 


QuickLink 39144 

At Sapphire: SAP readies upgrades, 

woos PeopleSoft and J.D. Edwards users 
QuickLink 39172 
www.computerworld.com 
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Craig Conway 
said our offer is 
designed to disrupt 


| PeopleSoft’s strong 


momentum in the 
market. I’m not 


| sure how [software 


sales dropping 
39%] is strong 
momentum. 


LARRY ELLISON, CEO, 
ORACLE CORP. 


Ce eeresreesesesesssesees 


PeopleSoft was 
targeted for a 
hostile bid exactly 
because we have 
stronger products 
[than Oracle]. 


CRAIG CONWAY, CEO, 
PEOPLESOFT INC. 
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A Virus Checklist 


UGBEAR. KLEZ. SOBIG — that’s the one that appears to 
come from Microsoft.com. This summer, the virus hits 
just keep coming. It’s as if, for the past month, the virus 
world has been softening us up for Microsoft’s announce- 
ment last week that it’s getting into the antivirus business. 
Will Microsoft’s arrival really help? Probably not. Antivirus sub- 
scriptions make for a steady revenue stream, and Microsoft is big on 
steady revenue streams these days. But the company isn’t likely to 
add much new in the line of virus-protection technology. 
Besides, except for software security holes, the real virus problem 
today isn’t about technology. It’s about people. 


People who get sucked in by interesting 
e-mail subject lines. People who click to open 
mystery attachments. People who visit Web 
sites or download files that they shouldn’t. 
People who work their way around firewalls 
and virus shields. And yes, people who fail to 
keep firewalls and virus shields maintained. 

Virus writers use “social engineering” — 
clever psychological tricks — to help their pay- 
loads get through. They leverage human cu- 
riosity, vanity, fear and foolishness to defeat 
even the best antivirus technology. 

You’ve got the technology you need. Now, in 
this long, hot summer of virus attacks, it’s the 
perfect time to make sure you have a handle on 
the people part of the problem, too. 

@ Start by making sure antivirus software is 
actually running on all your PCs. You probably 
can’t afford a machine-by-machine sweep right 
now. But make sure every time a support tech 
touches a PC, that tech checks its antivirus 
logs, confirms that virus scans and definition 
downloads are running on schedule, and veri- 
fies that settings are correct. 

m@ Remember, users are clever. If antivirus 
software gets in the way, they’ll 
turn it off or work around it — and 
then tell they’re co-workers how 
they did it. So if you spot a problem 
machine with scans turned off or 
settings changed, there’s a good 
chance that nearby PCs will be that 
way too. 

@ Keep track of your biggest 
problem users — both the clever 
ones who change settings and the 
dumb ones who open every attach- 
ment. Talk with them. Explain the 
problem. Ask why they break the 
rules. They may show you legiti- 





mate issues that you can help with. You may 
persuade them to play it safer. In any case, 
you’ll want to recheck their PCs often. 

@ Leverage news reports about virus out- 
breaks. When you see one, send a short mes- 
sage to your users — say, six or eight lines — 
telling them that “CNN is reporting” or “the 
local newspaper has a story” about the virus. 
Remind them once again to be careful about 
e-mail attachments, downloaded files and un- 
familiar Web sites. Give them a few details, but 
be sure to keep it brief. It’s really just reinforce- 
ment, not a full explanation, and users have 
short attention spans. 

@ Go hunting for the ways users find to cir- 
cumvent your antivirus systems. Home com- 
puters that connect to company systems, Web 
mail, unauthorized modems and wireless hubs, 
and nonstandard Internet applications are the 
usual culprits. But don’t limit yourself to that 
short list. Remember, users are creative — and 
they may think what they’re doing is safe be- 
cause you’ve never told them not to do it. 

@ Finally, do a little social engineering of 
your own. Practice looking alarmed in a mirror, 

then trot that expression out when 
you discover dangerous user 
habits. Express concern about the 
work they'll lose, not just the safe- 
ty of your systems. Say “We need 
to be careful,” not just “Don’t ever 
do that!” Tell them their ways 
around the firewall are clever, but 
very dangerous. Flatter them, ca- 
jole them, guilt them — but con- 
vince them 

If that sounds a little silly, well, 
maybe it is. But it’s no sillier than 
waiting for Microsoft to save you 
from Sobig, Bugbear and Klez. D 
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Just One Little Problem 


Support tech is installing a new PC in this cubicle, and 
removing the old power cord will require dismantling 
half the cube. “He decided just to cut off the end and 
pull the wire out,” reports IT manager pilot fish. “Un- 
fortunately, he had not unplugged the cord before 
attempting this. Fortunately for him, the scissors had 
plastic handles” - so he survived. 


Trapped 
This early in- SHARK week. When 
gerprint-based pointed out it 
stectronic lock TANK was my prede- 
on the data cen- cessor who did 
ter seems like a great j is, | en ttt, "You 
idea in the mid-1980s. _: shouldn't have let him 
“Unfortunately, the : do that.” 
morning shift supervisor 
was one of those people | Unclear on the 
who did not fingerprint | Concept 
well,” says an on-scene : Support pilot fish sends 
pilot fish. The scanner —_ out an e-mail message 
and lock her between —_: for copying the attached 
two doors, forcing her to binary file to the correct 
signal the guard fer help. : directory. “Call me if you 
“But the night shift : have any trouble,” fish 
guard tended to fall _ adds. One user responds 
asleep,” fish sighs. ? by e-mail: “We cannot 
“Sometimes the supervi- get the attachment sent 
sor would be unable to: with this e-mail. Could 
leave the man-trap until ! you please fax it to us?” 
the next shift arrivedor =: 
tered the man-trap to let | Security? 
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: lows taking control of a 
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Got Outsourcing 
Questions? 


Computerworld’s New IT Executive Summit Series Has the Answers 


If you’re an IT executive in an Los Angeles, CA 

end-user organization, apply to Thursday, June 26, 2003, 8:00am to Noon 
attend Computerworld’s upcoming Hyatt Regency 

complimentary half-day summit on 8:00am to 8:30am Registration and Networking Breakfast 


IT Outsourcing: The Offshore 8:30am to 9:00am Welcome and Opening Keynote 
. Outsourcing Watch 2003: 
Alternative. The Best of Both Shores 


Maryfran Johnson, Editor in Chief, 
Robust global communication Computerworld 
technologies and state-of-the-art 9:00am to 9:30am _—s Industry Update 


; Evaluating Your IT Sourcing Options 
security tools have made IT out- Bart Perkins, Managing Partner, 


sourcing an increasingly viable Leverage Partners (an IT consultancy) 
option to achieve ROI. Part of 9:30am to 10:00am Business Case Study 

. H Rick Hamilton, CTO, DFS Group Ltd. 
Computerworld’s new IT Executive 

5 7 A oi eee 10:00am to 10:30am _ Refreshment Break 
Summit Series, this invitation-only, 
. ; 10:30am to 11:30am Outsourcing Strategies 

4-hour summit will explore how Leadership Strategies in Offshore 


. as . Outsourcing 
companies are realizing tangible ihactiiidbs taal Miata 


benefits from outsourcing IT Editor in Chief, Computerworld 


li ‘ d | Panelists: 
application development, ® Marty Chuck, ClO, Agilent Technologies 


integration and management. # Rick Hamilton, CTO, DFS Group Ltd. rey McEMiaditon 
® Jerry McElhatton, Senior EVP of Global 
. iis Technology and Operations, 
Seating is limited, so apply MasterCard International 


today! = Greg Schueman, Vice President 
and CTO, Mercury Insurance Group 
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Bart Perkins 


Marty Chuck 


11:30am to Noon Open Forum Greg Schueman 


For information, call Chris Leger at 888-299-0155 
or to register online, visit 
www.itexecutivesummit.com/outsourcing 
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Oracle | Microsoft 
42,000 Employees 50,000 Employees 


3 Oracle Email Database Servers 110 Microsoft Exchange Servers 


Source: Microsoft CiO 


Unless you have as much money as Microsoft, 
you may want to use Oracle for email 


ORACLE 


Source for Microsoft Data oracle com/email 
Keynote presentation by Microsoft ClO : 
at NRFtech IT Leadership Summit on August 12, 2002 or call 1 800.633.0541 
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